Scope of this Summary
Form of Covered Info
Encryption Safe Harbor
Timing: Must be made in most expedient time possible and without unreasonable delay, consistent with any measures necessary to determine the scope of the breach, identify those affected, and restore the reasonable integrity of the system.
Method: By written notice to most recent address in covered entity’s records, or electronic notice if the primary method of communication with the resident or if consistent with E-SIGN. Substitute notice is available if certain criteria are satisfied.