Breach notification

Last updated: Nov 17, 2025

HCO

HEALTH TECH VENDOR

PAYER

SUPPORT

To date, Redox hasn’t had any breaches of PHI data. Should this ever occur, we defer to the Breach Notification Rule from the U.S. Department of Health & Human Services (HHS) as the definitive source of information regarding how this must be reported. Read about the Breach Notification Rule.

In case of a breach, we'll notify affected customers within five business days of the breach discovery. Please note this is significantly quicker than the Breach Notification Rule requirement of notification within 60 calendar days after breach discovery.

What a Redox notification includes

As the Business Associate, Redox must notify covered entities if a breach occurs at or by the Business Associate.

A notification from us would include the following:

brief description of the breach
description of the type of information involved in the breach
steps affected individuals should take to protect themselves from potential harm
brief description of the investigation, mitigation, and prevention of further breaches
contact information

Your responsibility as a covered entity

Following a breach of unsecured protected health information (PHI), covered entities (i.e., you and your connections), must provide notification of the breach to:

any affected individuals
the HHS secretary (submit breach notifications to the secretary)
the media, in certain circumstances

FHIR® is a registered trademark of Health Level Seven International (HL7) and is used with the permission of HL7. Use of this trademark does not constitute an endorsement of products/services by HL7®.