Breach notification

Last updated: Aug 18, 2022

To date, Redox hasn't had any breaches of PHI data. Should this ever occur, we defer to the Breach Notification Rule from the U.S. Department of Health & Human Services (HHS) as the definitive source of information regarding how this must be reported. Read about the Breach Notification Rule.

In case of a breach, we would notify affected customers within five business days of the breach discovery. Please note that this is significantly quicker than what's required by the Breach Notification Rule requirement of notification no later than 60 calendar days after breach discovery.

A notification from us would include:

  • a brief description of the breach
  • description of the type of information involved in the breach
  • steps affected individuals should take to protect themselves from potential harm
  • brief description of the investigation, mitigation, and prevention of further breaches
  • contact information

Following a breach of unsecured protected health information, covered entities (you and your connections), must provide notification of the breach to:

As the business associate, Redox must notify covered entities if a breach occurs at or by the business associate.