Breaches Are A Serious Matter
Many breaches of Protected Health Information are a serious matter. A breach is an impermissible use or disclosure of protected health information or PHI. Consequently, it compromises privacy or security of PHI. It is presumed to be a breach unless certain criteria are met. The covered entity or business associate must demonstrate there is a low probability that the phi has been compromised based on a risk assessment of the following:
- Firstly, the nature and extent of the PHI involved, including the types of identifiers and the likelihood of identification
- Secondly, the unauthorized person to whom the disclosure was made.
- Third, whether the PHI was acquired or viewed.
- Finally, the extent to which the risk to the patient was mitigated.
There are many forms of Breaches of Protected Health Information. Some examples of breaches of paper phi are loss of paper files, unsecure disposal, and paperwork given to the wrong person. As a result, all entities that handle paper PHI must be aware of how important it is when sharing or disposing of this information. It is not uncommon for patients to receive the discharge summary of other patients or to see old medical records simply thrown away in the trash.
Examples of electronic PHI breaches include loss of an unencrypted mobile device and sharing PHI on an unsecured document sharing internet site. Most importantly, all organizations must create a process by which electronic PHI is protected on the cloud.
Consequently all of these have been the subject of Office for Civil Rights penalties.
Verbal breaches of PHI occur if PHI is disclosed to the wrong individual or if its overheard when safeguards are not used.
It is important for all covered entities and business associates to review their policies. As A result they will be able to better protect PHI whether it is paper, electronic or spoken.
Please contact us, for more information about breaches or about HIPAA. Follow us on Facebook or Twitter.