Breach Notification Period is a variable that appears in the Business Associate Agreement Cover Page, in the Key Terms section. This section is for your agreements' key legal terms.

This term allows you to specify the window of time in which your company will notify your counterparty in the event of a security breach or disclosure of PHI outside of the bounds of this BAA.

Within how much time will your company report to your counterparty any security breaches or disclosures of PHI that aren’t permitted by this agreement?

Default: 30 Calendar Days

Note: HIPAA regulations state that this period cannot be longer than 60 calendar days. However, some state laws, including state health information laws like the California Confidentiality of Information Act stipulate shorter periods of time (e.g., 15 business days).