Drata Logo Dark (New)
  • Product
  • Resources
  • Alliances
  • Customers
  • Company
    Sign inGet Started
  • Sign in
  • Get Started
HomeCompliance GlossaryWhat is a HIPAA Breach?

What is a HIPAA Breach?

A HIPAA breach is defined as the acquisition, access, use, or disclosure of protected health information (PHI) in a manner not permitted by HIPAA regulations, which compromises the security or privacy of the PHI. Impermissible use or disclosure of protected health information is presumed to be a breach unless it can be shown that the probability of protected health information having been compromised is low, based on a multifactor risk assessment. The risk assessment should review the nature and extent of the PHI involved; to whom the disclosure of PHI was made; whether the PHI was in fact acquired or viewed; and the extent to which the risk to the PHI was mitigated, among other elements.


In the event of a breach of unsecured PHI, the HIPAA Breach Notification Rule requires that covered entities communicate notification of the breach to any affected individuals, the U.S. Department of Health & Human Services, and in some cases, the media.


HIPAA compliance is required of organizations and employees who work in or with the healthcare industry, or who have access to protected health information. A covered entity or business associate that fails to adhere to one or more of the HIPAA Rules is in violation of HIPAA; organizations that violate the provisions of the HIPAA Rules may be penalized. Penalties for HIPAA breaches are strict and can significantly impact an organization’s finances and reputation.

Join the Thousands of Companies that Trust Drata

See All Case Studies
Wiz logo 2
Airbase
TaskRabbit Logo
BambooHR Logo
Clearbit Logo
Superhuman
Alteryx logo
Lemonade Logo
Notion Logo
Vercel Logo
Wordpress VIP
Calendly Logo

View Drata Glossary

Learn more about other compliance and cybersecurity concepts in our glossary.

Read More

Solutions

StartupMid-MarketEnterpriseDrata PlatformIntegrations
Frameworks
SOC 2ISO 27001HIPAAGDPRNIST AI Risk ManagementFedRAMPNIS 2Custom FrameworksAll Frameworks
Resources
BlogEventsWebinarsReportsSOC 2 HubISO 27001 HubProduct UpdatesCompliance GlossaryAPI Documentation
Company
CareersCustomersAuditorsPartnersPressContact UsLegal
Trust
Security and ComplianceTrust CenterSystem StatusAccessibility

Drata Logo Light

© 2025 Drata Inc. All rights reserved.

|Privacy Notice|Legal