Corporate Compliance

Harm thresholds: Opportunity for CEs to be more accountable for PHI, breach mitigation

Strategies for Health Care Compliance, December 1, 2009

This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to Strategies for Health Care Compliance.

But it wasn’t all bad news for CEs and BAs.

The rule’s “harm threshold” provision provides CEs an avenue to avoid reporting a breach to HHS. If the incident involves encrypted data compliant with HHS guidelines or if a risk assessment shows that the disclosure does not pose a significant risk to the affected individual, there is no breach.

This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to Strategies for Health Care Compliance.

Most Popular