If a breach involves 500+ people, here’s what your health care organization will suffer.
Picture this: A nurse hands a patient someone else’s discharge papers but promptly discovers the error and retrieves the protected health information. Would your health care organization have to report that as a breach of unsecured PHI under HIPAA notification rules?
The answer: It depends. The scenario wouldn’t constitute a breach — “if the nurse can reasonably conclude that the patient couldn’t have read or otherwise retained the information,” according to the Health & Human Services’ (HHS) interim final rule implementing the new requirements. But suppose the patient turned the corner and was out of sight momentarily and the discharge orders included “a sensitive diagnosis such as HIV, and the facility was in a small community”— or the nurse had reviewed the discharge orders with the patient, says Chicago attorney Michael Roach. Those scenarios could trigger the notification requirements, he…
If you've already signed in and are still seeing this screen, click here to refresh the page.
- Free updates on the latest developments affecting healthcare IT.
- Discounts on 3rd party offers.
Leave a Reply