PHI Breach - Dealing Breach With HIPAA Guidelines - PowerPoint PPT Presentation

About This Presentation
Title:

PHI Breach - Dealing Breach With HIPAA Guidelines

Description:

A breach of protected health information (“PHI”) is defined as the acquisition, access, use, or disclosure of unsecured PHI, in a manner not permitted by HIPAA, which poses a significant risk of financial, reputational, or other harm to the affected individual.

Transcript and Presenter's Notes


1
PHI Breach
  • Dealing Breach With HIPAA Guidelines

2
BREACH
  • A breach is, generally, an impermissible use or
    disclosure of protected health information that
    compromises the security or privacy of the
    protected health information.
  • HIPAA defines breach as the acquisition,
    access, use, or disclosure of unsecured PHI, in a
    manner not permitted by HIPAA, which poses a
    significant risk of financial, reputational, or
    other harm to the affected individual.
  • Risk assessment is done for any breach under
    the following considerations:
  • 1. Nature and extent of PHI involved.
  • 2. Authority of the person to whom disclosure
    is made.
  • 3. Whether the PHI is acquired or viewed.
  • 4. Extent to which the risk to the protected
    health information has been mitigated.
  • Both covered entities and business associates
    have discretion to provide the required breach
    notification.

3
Exceptions
  • There are three exceptions:
  • 1. Unintentional acquisition, access or use of
    protected health information by a workforce
    member or person acting under the authority of a
    covered entity or business associate, within the
    scope of authority.
  • 2. Inadvertent disclosure of the protected health
    information by a person authorized to access
    protected health information at a covered entity
    or business associate to another person
    authorized to access PHI, where the information
    will not be further disclosed or used.
  • 3. If the covered entity or business associate
    has a good faith belief that the unauthorized
    person to whom the disclosure is made has not
    retained the information.

4
Notification Of Breach
  • 1. Covered entities and business associates
    are responsible.
  • 2. Covered entities will notify the individual or
    next of kin affected by the breach.
  • 3. Business associates have to inform the
    covered entities.
  • 4. A breach affecting more than 500 individuals
    should be reported to the Office of Civic Rights.
  • 5. A breach affecting less than 500 individuals
    is not required to be reported to the Office of
    Civic Rights.
  • 6. If the Covered Entities Business Associate
    has a breach, they must report it within 60 days.

5
Examples Of Possible Breach
  • 1. Faxing patient information to the wrong fax
    number.
  • 2. Losing a laptop, flash drive, or CD containing
    patient information.
  • 3. Having improper website security that exposes
    an internal part of the website containing PHI to
    the public.
  • 4. Using a computer infected with a virus or
    malware.
  • 5. Improperly disposing of electronic equipment
    containing PHI.

6
Countermeasures Against HIPAA Violation
  • 1. Verbal warning
  • 2. Notice of disciplinary action placed in
    personal files
  • 3. Removal of access privileges
  • 4. Termination
  • 5. Contract penalties
  • 6. Report to law enforcement for suspected
    criminal activity
  • 7. Civil action
