The HIPAA Breach Notification Rule has been in effect since September 23, 2009 and many organizations are not prepared to respond to a breach of PHI and report and document it properly. We will discuss the origins of the rule and how it works, including interactions with other HIPAA rules and penalties for violations, and recent significant chganges to the rules.