How long must covered entities notify affected individuals of a breach?

The correct answer indicates that covered entities must notify affected individuals of a breach within 60 days. This timeframe is established by the Health Insurance Portability and Accountability Act (HIPAA) and its associated regulations, which aim to protect sensitive patient information. When a breach of unsecured protected health information occurs, the covered entity is obligated to inform affected individuals promptly to ensure they can take necessary precautions to protect themselves from potential identity theft or other consequences that may arise from such a breach.

The 60-day requirement reflects the urgency of addressing breaches while giving entities a reasonable timeframe to investigate and prepare their notifications effectively. This timeline balances the need for swift communication with practical considerations for those entities involved in breach assessments. Thus, adherent to this regulation is crucial for maintaining trust and compliance within healthcare settings.