If a PHI Breach Fits One of These Exceptions, You May Be Home Free

Wed, Jan 27, 2010

Cool Tools

Include this information as part of your risk analysis.

Knowing what doesn’t count as a breach under new HIPAA notification rules can help you weigh whether to report a disclosure of unsecured protected health information. The rules include four exceptions, as follows:

Exception No. 1. An unintended acquisition, access or use of PHI by a person with authority to handle PHI who is acting in good faith. Also, “there’s no further acquisition, access or use of the PHI,” says attorney Kathryn Solley, with Atlanta law firm Seyfarth Shaw LLP.

Example: A nurse handed a doctor the wrong patient folder but immediately retrieved it, or the doctor returned the folder unused.

Exception No. 2. An inadvertent breach where a nurse, for example, gives another nurse information that the second nurse shouldn’t have, but there’s no reasonable risk of further use or misuse of the…

Click here to login and get access to this article if you already receive the HIT News Wire
If you've already signed in and are still seeing this screen, click here to refresh the page.
HIT News Wire
Free registration required for full access to articles.
You will also receive
  • Free updates on the latest developments affecting healthcare IT.
  • Discounts on 3rd party offers.
Join now
You must have javascript enabled to use this form
Bookmark and Share
, , , , ,

Leave a Reply