On August 19, 2009 the U.S. Department of Health and Human Services (HHS) issued an interim final rule known as the Breach Notification Rule which requires all HIPAA covered entities to notify individuals about breach of their protected health information. Along with the covered entities, the rule applies to health care providers and health plans, business associates, including third-party administrators.