Has your practice’s policies and procedures been updated since the U.S. Department of Health and Human Services (“HHS”) issued the final rule to the Health Insurance Portability and Accountability Act (“HIPAA”), which required compliance by September 23, 2013?  If not, it is likely that your policies and procedures–and especially the policy related to the breach notification standard–need to be updated.

The final rule’s modification to the breach notification standard establishes that an impermissible use or disclosure of unsecured protected health information (“PHI”) is presumed to be a breach unless the covered entity or business associate demonstrates that there is a low probability that the protected health information was compromised, or another exception applies.  Thus, in the final rule, HHS ultimately struck a balance by establishing a presumption standard, and detailed that organizations must assess the probability that PHI was compromised based on a risk assessment that considers at least the following factors:

  1. The nature and extent of the health information involved, including the types of identifiers and the likelihood of re-identification;
  2. The unauthorized person who used the health information or to whom the disclosure was made;
  3. Whether that health information was actually acquired or viewed; and
  4. The extent to which the risk of the health information has been mitigated.

According to the final rule, if the analysis of the factors described above fails to demonstrate that there is a low probability that the PHI was compromised, breach notification may be required.

Tell us how your organization responded to the HIPAA/HITECH final rule?   Share your ideas with us by clicking on the comment button below.  We’d love to hear from you.

Get “News You Can Use” delivered directly to your e-mail inbox. Click here to Subscribe.

Related Posts

Categories

Recent Posts

Happy Thanksgiving from Rickard & Associates!
November 24, 2022
Protect Your Practice Against Telemedicine Fraud
November 22, 2022
Do I Need an Estate Plan?
November 17, 2022
Ready for an Audit?
November 15, 2022
What’s Wrong with Using an Online Will?
November 10, 2022

Subscribe

Enter your email to subscribe now and receive your FREE HIPAA Risk Assessment book!

An essential tool for all healthcare providers, Easy Guide to HIPAA Risk Assessments breaks down the requirements of HIPAA so you can successfully complete your required risk assessment.

 

Get it now for FREE (an $8.99 value!)

One more step! Please check your email to confirm your subscription and receive your FREE book!