One of the obligations of a covered entity is to issue customer notification of security breaches that involve the patient's information. HIPAA is quite clear on this obligation. There are exceptions to the general rule, however. Using your research, for this discussion:
Identify conditions in which you may not need to notify patients of a suspected breach.
Explain a scenario where you must provide notification and a scenario where you do not.
Explain the rationale behind the reasons using HIPAA references.