HIPAA Q&A: You’ve got questions. We’ve got answers!
HIM-HIPAA Insider, April 14, 2014
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Submit your HIPAA questions to Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com and we will work with our experts to provide you with the information you need.
Q. Can you please confirm the time frame in which patients must be notified if their PHI is breached?
A. The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA CEs and their business associates (BA) to provide notification following a breach of unsecured PHI.
CEs must notify the affected individuals, the Secretary of HHS, and, in certain circumstances, the media. In addition, BAs must notify CEs if a breach occurs at or by the BA.
The law is as follows:
Individuals must be notified without unreasonable delay and in no case later than 60 days following the discovery of a breach. The notification must include, to the extent possible, a brief description of the breach, a description of the types of information that were involved in the breach, the steps affected individuals should take to protect themselves from potential harm, a brief description of what the covered entity is doing to investigate the breach, mitigate the harm, and prevent further breaches, as well as contact information for the covered entity (or business associate, as applicable).
Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS,vice president of health information at Baylor Scott & White Health in Temple, Texas, answered this question for HCPro’s Briefings on HIPAA newsletter.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- Note similarities and differences between HCPCS, CPT® codes
- CDC alert: Screen for international travel as Ebola cases increase
- Q&A: Primary, principal, and secondary diagnoses
- Differentiate between types of wound debridement
- Complications from immobility by body system
- The consequences of an incomplete medical record
- Nursing responsibilities for managing pain
- OB services: Coding inside and outside of the package
- Practice the six rights of medication administration
- E-mailed
-
- CDC alert: Screen for international travel as Ebola cases increase
- Capturing start and stop times for infusions
- Differentiate between types of wound debridement
- Life Safety Code Q&A: Ambulatory care soiled utility room
- Leadership training for charge nurses
- Helping Charge Nurses understand their leadership role (Part 2 of 3)
- Five ways to safeguard your patients' valuables
- Developing a Fall-Prevention Program
- Coding, billing, and documentation tips for teaching physicians, interns, residents, and students
- Coding tip: Watch for different codes for SI joint injections
- Searched