HIPAA Breach Notification Reporting Times In a recent article I broke down the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, into what the Department of Health and Human Services (HHS) requires Covered Entities (CEs) AND their third-party vendors, what to do in the event of a breach of unsecured protected health information (PHI). Today I am going a step deeper …
HHS is Not the Only Federal Agency Enforcing HIPAA Breach Notification Rule This week I am breaking down the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, directly from Health and Human Services (HHS). HIPAA Breach Notification Rule requires hospitals, insurance companies, healthcare providers and their third-party vendors provide notification following a breach of unsecured protected health information (PHI). …
HIPAA Security Incident vs BreachWhat’s the Difference? Today I am breaking down the difference between a HIPAA security incident vs breach. First, allow me to set the stage with definitions to provide some clarification. What are HIPAA Security Incidents? The HIPAA Security Rule defines security incidents as attempted or successful unauthorized access, use, disclosure, modification, or destruction of information …
HIPAA Security Incident vs Breach What’s the Difference? Read More »
What if your Business Associates Had A Security Incident? Covered Entities (CEs) believe it’s impossible to determine whether the policies and procedures of their Business Associates (BAs) are adequate to respond effectively to a security incident. To complicate matters, more believe their Business Associates would NOT notify them in the event of a security incident. …