Breach notifications must be provided to patients within how many days?

Under HIPAA regulations, when a covered entity experiences a data breach that affects protected health information (PHI), it is required to notify affected individuals within 60 calendar days from the date of the breach. This requirement is designed to ensure that patients are promptly informed of breaches that may compromise their personal health information, allowing them to take appropriate steps to protect themselves, such as monitoring their accounts or enrolling in identity theft protection services.

The 60-day timeframe is a critical aspect of the breach notification rule, as it emphasizes the urgency with which covered entities must respond to breaches. This timeline reinforces the importance of transparency and accountability in the handling of sensitive patient data.