Desiree Moore, Gina Bertolini, and Jackie Hoffman discuss the increasing impact of data security incidents and security breaches on the health care sector. They define what qualifies under HIPAA as a protected health information breach, discuss the importance of outside counsel in security incidents, review the timeline of reporting a breach to the Office for Civil Rights (OCR), and provide a road map on to how to manage a security incident from start to finish.