FAQ

What is an unintentional health information exposure?

An unintentional acquisition of, or access to, PHI by a workforce member or other person acting within the scope of their authority. For instance, an email sent to the wrong staff member, where the data was accessed and viewed but, once the mistake was realized, was securely deleted with no further disclosure.

What should you do if you believe PHI has been improperly disclosed, transmitted, accessed, or stolen?

How to Take Action After an Improper Disclosure of Medical Records

  1. Contact the person or entity responsible for the disclosure, ask them to retrieve the disclosed records, and request that whoever received them destroy their copies.
  2. Contact HHS to describe the alleged incident and request an investigation.

What would not be considered PHI?

Examples of health data that are not considered PHI:

  1. Number of steps recorded by a pedometer.
  2. Number of calories burned.
  3. Blood sugar readings without personally identifiable information (PII), such as an account or user name.

What happens if you accidentally disclose PHI?

You will need to explain which patient’s records were viewed or disclosed. The failure to report such a breach promptly can turn a simple error into a major incident, one that could result in disciplinary action and potentially, penalties for your employer.

What is a breach of PHI?

A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.

What happens when a breach of PHI affects more than 500 people?

If a breach of unsecured protected health information affects 500 or more individuals, a covered entity must notify the Secretary of the breach without unreasonable delay and in no case later than 60 calendar days from the discovery of the breach.

Can you sue if your HIPAA rights are violated?

There is no private cause of action in HIPAA, so it is not possible for a patient to sue for a HIPAA violation. While HIPAA does not have a private cause of action, it is possible for patients to take legal action against healthcare providers and obtain damages for violations of state laws.

Is gender a PHI?

Health information such as diagnoses, treatment information, medical test results, and prescription information is considered protected health information under HIPAA, as are national identification numbers and demographic information such as birth dates, gender, ethnicity, and contact and emergency contact …

Is an email address considered PHI?

Even names or email addresses become PHI when coupled with a health condition. Covered entities must take reasonable steps to protect PHI sent via email all the way to the recipient’s inbox.

What is improper disclosure of PHI?

The HIPAA Security Rule requires PHI and ePHI to be secured at all times. If paperwork is left unattended it could be viewed by an unauthorized individual, be that a member of staff, patient, or visitor to the healthcare facility. Were that to happen it would be considered an impermissible disclosure of PHI.