Website spotlight: Prepare to respond to breaches of privacy

Staff Development Weekly: Insight on Evidence-Based Practice in Education, December 17, 2010

While your healthcare organization awaits a breach notification final rule from HHS, there are some practical steps you can take to prepare should you need to notify patients of a privacy breach.

Before an event happens, you should have a plan in place detailing how you will respond to a breach and notify your patients, says David Behinfar, JD, LLM, CHC, CIPP, privacy manager at the University of Florida College of Medicine in Jacksonville.

If you need to notify patients of a breach, there are some important elements of the process you should consider, says Behinfar, who spoke at the three-day Fourth HIPAA Summit West meeting in San Francisco October 5. You won't find these issues in the final rule, he says, since HHS simply does not formally provide specific guidance on one method of compliance versus another. HHS typically leaves it up to covered entities (CE) to work out the details for themselves, he says.
Editor's note: To read the rest of this free article, visit the Reading Room, which is part of
