Health Information Management

HIPAA Q&A: You’ve got questions. We’ve got answers!

HIM-HIPAA Insider, April 14, 2014

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Submit your HIPAA questions to Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com and we will work with our experts to provide you with the information you need.

 
Q. Can you please confirm the time frame in which patients must be notified if their PHI is breached?
 
A. The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA CEs and their business associates (BA) to provide notification following a breach of unsecured PHI.
 
CEs must notify the affected individuals, the Secretary of HHS, and, in certain circumstances, the media. In addition, BAs must notify CEs if a breach occurs at or by the BA.
 
The law is as follows:
Individuals must be notified without unreasonable delay and in no case later than 60 days following the discovery of a breach. The notification must include, to the extent possible, a brief description of the breach, a description of the types of information that were involved in the breach, the steps affected individuals should take to protect themselves from potential harm, a brief description of what the covered entity is doing to investigate the breach, mitigate the harm, and prevent further breaches, as well as contact information for the covered entity (or business associate, as applicable).
 
Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS,vice president of health information at Baylor Scott & White Health in Temple, Texas, answered this question for HCPro’s Briefings on HIPAA newsletter.

 

 



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs

  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular