Today’s letter is B
B is for Breaches. A breach is an impermissible use or disclosure of protected health information (PHI) that compromises its privacy or security. An impermissible use or disclosure is presumed to be a breach unless the covered entity or business associate can demonstrate there is a low probability that the PHI has been compromised, based on a risk assessment of the following:
- Nature and extent of the PHI involved, including the types of identifiers and the likelihood of identification.
- The unauthorized person to whom the disclosure was made.
- Whether the PHI was acquired or viewed.
- The extent to which the risk to the patient was mitigated.
Examples of breaches of paper PHI are loss of paper files, unsecure disposal, and paperwork given to the wrong person.
Examples of electronic PHI breaches include loss of an unencrypted mobile device and sharing PHI on an unsecured document-sharing internet site.
All of these have been the subject of Office for Civil Rights penalties.
Verbal breaches of PHI occur if PHI is disclosed to the wrong individual or if it is overheard when safeguards are not used.