Health Information Management

Q&A: Next of kin breach notification

HIM-HIPAA Insider, February 1, 2011

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Q. A covered entity received a business associate contract that included breach notification requirements. The terms of the contract required notification of next of kin if the individual is deceased. Does HIPAA allow notification of next of kin if a deceased  individual’s information was breached?

A. Yes, the HITECH Act and the interim final breach notification rule requires (as of presstime) that covered entities notify next of kin if a breach of unsecure PHI of a deceased individual occurs (45 CFR 164.404[d][1][ii]).
 
Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR, answered this question in the February issue of Briefings on HIPAA.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular