HIPAAcraticRx - The Prescription for HIPAA Compliance


20 Hempstead Turnpike, Farmingdale, New York 11735 . (516) 200-6610 . info@hipaacraticrx.com


How to Handle Breach Notifications

February 26, 2020

 

 

Now this is a situation you hope never to find yourself in. But it is always best to be prepared. So, how do you move forward after a breach and handle notification of affected parties?

 

Under the HIPAA Breach Notification Rule, covered entities must notify affected individuals following a breach of unsecured protected health information (PHI). The notice must be in written form, sent by first-class mail or, alternatively, by email if the affected individual has agreed to receive such notices electronically.

 

If the covered entity has insufficient or out-of-date contact information for 10 or more individuals, the covered entity must provide breach notification by substitute individual notice. Substitute individual notice may be made by one of the following methods:

 

  • Posting the notice on the home page of its web site for at least 90 days

  • Providing notice in major print or broadcast media where affected individuals likely reside

 

The covered entity must include a toll-free phone number that remains active for at least 90 days where individuals can learn if their information was involved in the breach.

The notice must include the following:

 

  • A brief description of the breach

  • A description of the types of information that were involved in the breach

  • The steps affected individuals should take to protect themselves from potential harm

  • A brief description of what the covered entity is doing to investigate the breach, mitigate the harm, and prevent further breaches

  • Contact information for the covered entity

 

How to Handle a Breach as a Business Associate

While the covered entity is ultimately responsible for ensuring individuals are notified, the covered entity may delegate the responsibility of providing individual notices to the business associate. Covered entities and business associates should consider which entity is in the best position to notify the individual.

 

Covered entities are also required to comply with certain administrative requirements with respect to breach notification.  For example, covered entities must:

  • Maintain written policies and procedures regarding breach notification;

  • Train employees on these policies and procedures; and

  • Develop and apply appropriate sanctions against workforce members who do not comply with these policies and procedures.

To read this article in its entirety, visit JDSupra. Got more questions? Contact the HIPAA compliance experts at HIPAAcraticRx.

 
