How Should You Respond to an Accidental HIPAA Violation?

How Should Employees Report an Accidental HIPAA Violation?

Accidents happen. The majority of HIPAA-covered entities, business associates, and healthcare employees take great care to ensure HIPAA Rules are followed, but what happens when there is an accidental HIPAA violation? How should healthcare employees, covered entities, and business associates respond? If a healthcare employee accidentally views the records of a patient, if a fax is sent to an incorrect recipient, if an email containing PHI is sent to the wrong person, or if any other accidental disclosure of PHI has occurred, it is essential that the incident is reported to your Privacy Officer.

The first thing a Privacy Officer should determine is whether the accidental HIPAA violation is indeed a HIPAA violation or a violation of the organization's policies. For example, forgetting to document a patient's agreement to be included in a hospital directory is not a violation of HIPAA but could be a violation of the hospital's policies. If the accidental violation is indeed a violation of HIPAA, the Privacy Officer will need to determine whether or not the violation constitutes an impermissible use or disclosure which qualifies as a breach of unsecured PHI. If so, the Privacy Officer will need to determine what actions need to be taken to mitigate risk and reduce the potential for harm. The incident will need to be investigated, a HIPAA risk assessment may need to be performed, and a report of the breach may need to be sent to the Department of Health and Human Services’ Office for Civil Rights (OCR) and the affected individual.

You should explain that a mistake was made and what has happened. You will need to explain which patient’s records were viewed or disclosed. The failure to report such a breach promptly can turn a simple error into a major incident, one that could result in disciplinary action and, potentially, penalties for your employer.

How Should Covered Entities Respond to an Accidental HIPAA Violation?

Any accidental HIPAA violation that may qualify as a data breach must be treated seriously and warrants a risk assessment to determine the probability of PHI having been compromised, the level of risk to individuals whose PHI has potentially been compromised, and the risk of further disclosures of PHI.

The potential for re-disclosure of information.