Per HIPAA, “a breach is defined as an unauthorized acquisition, access, use, or disclosure of PHI, which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.”
Whew! That was a lot to type, but hopefully, reading the definition will help you understand why this is a hot topic.
The people behind Insider Data Breach understand this too: they reported that 43% of breaches were caused by employees rushing and making mistakes.
That is why, once you discover that patient information has been compromised, the number of individuals affected by the breach determines the next steps you must take. The dividing line in the Breach Notification Rule is 500 individuals: a breach affecting 500 or more must be reported to HHS without unreasonable delay and no later than 60 calendar days after discovery (with notice to prominent media outlets as well), while smaller breaches are logged and reported to HHS within 60 days after the end of the calendar year in which they were discovered.
Affected individuals must be notified without unreasonable delay and no later than 60 calendar days after the breach is discovered, and HHS must be notified as well. Individual notice is given in writing by first-class mail, or by email if the individual has agreed to electronic notice; if contact information for some individuals is insufficient or out of date, a substitute form of notice is required.
The requirements above are the federal ones. If a breach occurs, you must also comply with your state's breach notification law, which may impose stricter deadlines or additional obligations on top of HIPAA.
A business associate that discovers a breach is required to report it to you, but that does not shift your obligations or exempt you from liability: as the covered entity, you remain responsible for notifying affected individuals and HHS. Therefore, review your business associate agreements and check in with your business associates regularly.
Never assume you are not susceptible to a breach; that is exactly why having an effective compliance program is critical.
**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties. Research, modify, and tailor the advice to fit your specialty.