HIPAA Breach Notification – What you need to know

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that was established to transform the security landscape of the healthcare industry. Businesses that are found guilty of a breach or violation of HIPAA rules will have to face repercussions. Part of the HIPAA law includes the HIPAA Breach Notification Rule, which mandates that organizations report a security breach within 60 days of discovering an incident to the authorities, to affected individuals, and in some cases to the media. It is therefore essential for all those dealing with protected health information (PHI), directly or indirectly, to know what the penalties are for such breaches.

In today’s article, we have discussed the HIPAA Breach and HIPAA Breach Notification rules for a better understanding of the HIPAA Act.

What is considered a breach of HIPAA?

According to the U.S. Department of Health and Human Services (HHS), a HIPAA breach can be defined as unauthorized use, access or disclosure of PHI under the Privacy Rule that compromises the security and privacy of protected health information. Unauthorized access or use of protected health information is considered a breach unless the covered entity or business associate demonstrates that there is a low probability that the PHI is compromised. So, in case of a breach, the organization has to conduct a HIPAA Breach Risk Assessment to evaluate the level or extent of the breach. Per HHS, the HIPAA Breach Risk Assessment should be based on the following factors:

- The nature and extent of the PHI Breach involved
- The unauthorized person who accessed the PHI
- Whether the PHI was acquired or viewed
- The extent to which the risk to the PHI has or can be mitigated

However, it is important to note that the Risk Ass ..
