Have your practice's policies and procedures been updated since the U.S. Department of Health and Human Services ("HHS") issued the final rule to the Health Insurance Portability and Accountability Act ("HIPAA"), which required compliance by September 23, 2013? If not, it is likely that your policies and procedures, and especially the policy related to the breach notification standard, need to be updated.

The final rule’s modification to the breach notification standard establishes that an impermissible use or disclosure of unsecured protected health information (“PHI”) is presumed to be a breach unless the covered entity or business associate demonstrates that there is a low probability that the protected health information was compromised, or another exception applies.  Thus, in the final rule, HHS ultimately struck a balance by establishing a presumption standard, and detailed that organizations must assess the probability that PHI was compromised based on a risk assessment that considers at least the following factors:

  1. The nature and extent of the health information involved, including the types of identifiers and the likelihood of re-identification;
  2. The unauthorized person who used the health information or to whom the disclosure was made;
  3. Whether that health information was actually acquired or viewed; and
  4. The extent to which the risk to the health information has been mitigated.

According to the final rule, if the analysis of the factors described above fails to demonstrate that there is a low probability that the PHI was compromised, breach notification may be required.
