Disclosing a data breach can be a difficult step for an organization to take. The ongoing stream of notifications still draws attention, and that attention is typically not positive when a security breakdown is revealed. At the same time, notification is (or should be) unavoidable, since the HIPAA Breach Notification Rule is clear about what action is necessary. By now, the requirements of the Breach Notification Rule should be well understood.