Risk assessment on potential disclosures to determine the need for Breach Notification

Lead the performance of a risk assessment on potential un-permitted users or disclosures to determine the need for breach notification letters to individuals affected.

Upon determining a breach has occurred, CPO will make the required individual notifications as soon as reasonably possible after the covered entity takes a sufficiently reasonable time to investigate the circumstances surrounding the breach in order to collect and develop the information required to be included in the notice to the individual, except in no case shall notifications be given later than 60 days following the discovery of a breach (unless a law enforcement agency requests a delay). Any delay based on a request from law enforcement must be documented in writing by the requesting law enforcement agency.

Source :
https://policy.utdallas.edu/utdbp3093