How Should You Respond to an Accidental HIPAA Violation?

The majority of HIPAA covered entities, business associates, and healthcare employees take great care to ensure HIPAA Rules are followed, but what happens when there is an accidental HIPAA violation? How should healthcare employees, covered entities, and business associates respond?

How Should Employees Report an Accidental HIPAA Violation?

Accidents happen. If a healthcare employee accidentally views the records of a patient, if a fax is sent to an incorrect recipient, an email containing PHI is sent to the wrong person, or any other accidental disclosure of PHI has occurred, it is essential that the incident is reported to your Privacy Officer.

Your Privacy Officer will need to determine what actions need to be taken to mitigate risk and reduce the potential for harm. The incident will need to be investigated, a risk assessment may need to be performed, and a report of the breach may need to be sent to the Department of Health and Human Services' Office for Civil Rights (OCR).

You should explain that a mistake was made and what has happened. You will need to explain which patient's records were viewed or disclosed. The failure to report such a breach promptly can turn a simple error into a major incident, one that could result in disciplinary action and, potentially, penalties for your employer.

How Should Covered Entities Respond to an Accidental HIPAA Violation?

Any accidental HIPAA violation must be treated seriously and warrants a risk assessment to determine the probability of PHI having been compromised, the level of risk to individuals whose PHI has potentially been compromised, and the risk of further disclosures of PHI.

- The potential for re-disclosure of information.
- Whether PHI was actually acquired or viewed.
- The extent to which risk has been mitigated.

Following the risk assessment, risk must be managed and reduced to an appropriate and acceptable level. The HIPAA Breach Notification Rule (45 CFR §§ 164.400-414) also requires notifications to be issued.

There are three exceptions when there has been an accidental HIPAA violation.

1) An unintentional acquisition, access, or use of PHI by a workforce member or person acting under the authority of a covered entity or business associate, if such acquisition, access, or use was made in good faith and within the scope of authority.

Example: A fax or email is sent to a member of staff in error. The information is accessed and viewed, but the mistake is realized and the fax is securely destroyed or the email is deleted and no further disclosure is made.