Reviewing Procedures for Breach of PHI

Despite clear compliance plans, annual training, and limiting access, there is still a chance your practice could experience a breach of protected health information (“PHI”).  A “breach” means the use or disclosure of unprotected information that is not permitted by HIPAA and compromises the security and/or privacy of the PHI.  Most practices allocate considerable resources towards preventing breaches, but it is a good idea to review procedures in case a PHI breach should occur.

  •  When a breach occurs, first gather information.  Determine what type of PHI was disclosed, who accessed it without authorization, and the number of patients exposed.
  •  Next, make every attempt to mitigate the damage.  Can you ensure that the breached PHI has been destroyed or will be returned?
  •  Third, provide the necessary notifications.  Patients must be notified no later than 60 days from when your practice knew or reasonably should have known of the breach.  To help expedite the notification process, make sure that your patient contact information remains current.
  •  Finally, review your practice’s compliance plan, training schedules, and access to PHI to help prevent a similar breach from occurring again.

© 2012 Parsonage Vandenack Williams LLC

For more information, contact info@pvwlaw.com
