Patient’s Guide to HIPAA – Uses and Disclosures: What Does the Breach Notice I Received Mean?





You are reading the Patient’s Guide to HIPAA, FAQ  65

HIPAA Guide Quick Links:


FAQ 65: What Does the Breach Notice I Received Mean?

Let’s start with the basics. What’s a breach?  A breach is impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of PHI. The full definition of what is and is not a breach is too complicated for this FAQ. In general, if a covered entity has a qualifying breach, it will send you a notice to let you know. The notice will include details about the breach and advice about what you should do to protect yourself.

A breach can lead to negative consequences for you, but we don’t want you to overreact. Yes, you could become a victim of identity theft, either financial identity theft or medical identity theft. Yes, you are at greater risk because of the breach. Do not panic.

We cannot assess the probabilities, but not every breach results in consequences for the victims of the breach. If you are offered free credit monitoring, you may want to accept it. If the breach included disclosure of your credit card number or your health insurance number, you may want to pay close attention to credit card bills or explanation of benefits. Frankly, you should be paying close attention to these anyway. You should make sure that all charges to your credit card are correct, and you should follow up if any are not. Same with explanations of benefits from a health insurer. If it doesn’t look right, call the insurer or provider and ask questions.

We do not advise paying for identity theft insurance or even buying credit monitoring unless you have a very good and very specific reason for doing so. Identity theft insurance is rarely worth the cost.

You can learn more about medical identity theft at the World Privacy Forum website at There are lots of resources and advice. For more on financial identity theft, go the Identity Theft Resource Center at



Roadmap: Patient’s Guide to HIPAA: Part 3: What You Should Know about Uses and Disclosures (FAQ 65 of 65)

Jump to list of FAQs 1-65 | See all of Part 3