5.7 The HIPAA Breach Notification Rule

When the PHI of a patient has been breached or disclosed, the entity must notify the concerned patient about the breach. This action falls under the HIPAA Breach Notification Rule.

According to the Rule, any such incident is considered a breach unless the entity claims that the probability of the PHI being compromised is low.

Even if a particular breach meets HIPAA's low-probability-of-compromise threshold, a physician should run a test to make sure that the PHI has not been compromised.

They must perform the following steps:

  • Analyze the nature of the PHI and the extent to which it was involved in the breach
  • Identify the people who were using the PHI and to whom it was disclosed
  • Find whether or not the PHI was viewed
  • Analyze the extent to which the risk to the PHI has been mitigated

These four steps are only required when an entity is not sure whether or not the PHI has been completely compromised. If the PHI is completely compromised, the Breach Notification Rule must be applied immediately.
