Have your practice’s policies and procedures been updated since the U.S. Department of Health and Human Services (“HHS”) issued the final rule under the Health Insurance Portability and Accountability Act (“HIPAA”), which required compliance by September 23, 2013? If not, it is likely that your policies and procedures, and especially the policy related to the breach notification standard, need to be updated.

The final rule’s modification to the breach notification standard establishes that an impermissible use or disclosure of unsecured protected health information (“PHI”) is presumed to be a breach unless the covered entity or business associate demonstrates that there is a low probability that the protected health information was compromised, or another exception applies. Thus, in the final rule, HHS ultimately struck a balance by establishing a presumption standard, and specified that organizations must assess the probability that PHI was compromised based on a risk assessment that considers at least the following factors:

  1. The nature and extent of the health information involved, including the types of identifiers and the likelihood of re-identification;
  2. The unauthorized person who used the health information or to whom the disclosure was made;
  3. Whether that health information was actually acquired or viewed; and
  4. The extent to which the risk to the health information has been mitigated.

According to the final rule, if the analysis of the factors described above fails to demonstrate that there is a low probability that the PHI was compromised, breach notification may be required.
