HIPAA Breach Evaluation and Reporting - What Qualifies as a Reportable Breach and how to Report It

Overview: The HIPAA Breach Notification Rule has been in effect since 2010 and has been Overview: The HIPAA Breach Notification Rule has been in effect since 2010 and has been 
significantly modified in 2013. We will discuss the origins of the rule and how it works, 
including interactions with other HIPAA rules and penalties for violations. Whenever there may 
be a privacy issue involving Protected Health Information, there may be a reportable breach 
under the HIPAA regulations. Not all privacy violations are reportable breaches, though, so it 
is essential to have a good process for evaluating incidents to see if they have resulted in a 
reportable breach.
Any privacy rule violation that results in an acquisition, access, use, or disclosure of PHI in 
violation of the HIPAA Privacy Rule may be a breach, unless the incident is one of the defined 
exceptions from the definition. A breach is reportable unless the information was secured or 
destroyed in the incident, or unless a risk analysis shows that there is a low probability of 
compromise of the information, based on at least four factors defined in the rules. We will 
examine how to determine if a privacy violation is potentially a breach according to the 
definition, and then describe the subsequent steps in the evaluation, if it is determined that 
the definition has been met. 
We will discuss the exceptions to the breach definition for inadvertent internal uses, or when 
it can be determined that the information could not be retained in any way by the receiving 
party. Entities can avoid notification if information has been encrypted according to Federal 
standards. We will cover the guidance from the US Department of Health and Human Services that 
shows how to encrypt so as to prevent the need for notification in the event of lost data. 
Failing that, a risk analysis can be conducted to determine the probability of compromise of 
the information, considering four factors: what the data is and how well identified it is, to 
whom was it released and do they have obligations to protect the information, whether or not 
the information actually exposed, and whether or not the incident has been mitigated properly. 
However, it must be noted that any compromise of the information by Ransomware that denies 
access or control of your information should be treated as a reportable breach. 

Price - $139

Contact Info:
Netzealous LLC - MentorHealth
Phone No: 1-800-385-1607
Fax: 302-288-6884
Email: support@mentorhealth.com
Website: http://www.mentorhealth.com/
Webinar Sponsorship: https://www.mentorhealth.com/control/webinar-sponsorship/
Follow us on : https://www.facebook.com/MentorHealth1
Follow us on : https://www.linkedin.com/company/mentorhealth/
Follow us on : https://twitter.com/MentorHealth1