Breaches Are A Serious Matter
Many breaches of Protected Health Information are a serious matter. A breach is an impermissible use or disclosure of protected health information or PHI. Consequently, it compromises privacy or security of PHI. We presume it to be a breach unless it meets certain criteria. The covered entity or business associate must demonstrate there is a low probability that the phi was compromised based on a risk assessment of the following:
- Firstly, the nature and extent of the PHI, including the types of identifiers and the likelihood of identification
- Secondly, the unauthorized person to whom they disclosed
- Third, whether the PHI was acquired or viewed
- Finally, the extent to which the risk to the patient was mitigated
There are many forms of Breaches of Protected Health Information. Some examples of breaches of paper phi are loss of paper files, unsecure disposal, and paperwork given to the wrong person. As a result, all entities that handle paper PHI must be aware of how important it is when sharing or disposing of this information. It is not uncommon for patients to receive the discharge summary of other patients or to see old medical records simply thrown away in the trash.
Breaches of Electronic PHI
Examples of electronic PHI breaches include loss of an unencrypted mobile device and sharing PHI on an unsecured document sharing internet site. Most importantly, all organizations must create a process by which electronic PHI is protected on the cloud.
Consequently all of these have been the subject of Office for Civil Rights penalties.
Verbal Breaches of PHI
Verbal breaches of PHI occur if PHI is disclosed to the wrong individual or if its overheard when safeguards are not used.
It is important for all covered entities and business associates to review their policies. As A result they will be able to better protect PHI whether it is paper, electronic or spoken.
For more information about breaches or about HIPAA please contact us. Follow us on Facebook or Twitter.