Data Breach Notification Policy

Premier Neuro Health complies with the HIPAA Breach Notification Rule (45 CFR §§164.400–414) and applicable state data privacy laws. This policy outlines our process in the event of a data breach involving patient information.

1. Definition of a Breach

A breach is any unauthorized acquisition, access, use, or disclosure of Protected Health Information (PHI) that compromises its security or privacy.

2. Breach Assessment

Upon discovery of a potential breach, we will:

• Conduct a risk assessment to determine the nature and scope of the incident.
• Identify the type of information involved, including whether PHI was encrypted or de-identified.
• Evaluate the likelihood that the PHI has been compromised.

3. Notification to Individuals

If a breach of unsecured PHI occurs, affected individuals will be notified without unreasonable delay and no later than 60 calendar days after discovery.

Notification will include:

• Description of the breach and date of occurrence.
• Types of information involved.
• Steps individuals should take to protect themselves.
• Actions taken by Premier Neuro Health to mitigate harm.
• Contact information for further assistance.

4. Notification to HHS and Media

When required:

· The U.S. Department of Health and Human Services (HHS) will be notified as per 45 CFR §164.408.

• If the breach affects more than 500 residents of a single state, notice will also be provided to prominent media outlets in that state.

5. State Law Compliance

Premier Neuro Health complies with data breach notification requirements in:

• New Jersey: N.J. Stat. §56:8-163
• New York: SHIELD Act (Gen. Bus. Law §899-aa)
• California: Civ. Code §§1798.82–84
• Massachusetts: 201 CMR 17.00
• Florida: Information Protection Act (FIPA)

6. Recordkeeping

All breach investigations and notifications are documented and retained for at least six years.

7. Contact

For questions or reports regarding potential breaches:

Premier Neuro Health
info@premierneurohealth.com 
+1 908-935-8226