What Is A HIPAA Breach And When Do You Need To Report It
If you work in the healthcare industry, you are most likely familiar with HIPAA and go to great lengths to make sure that your business is compliant with all the rules and regulations. But for those not familiar with it should be up to date on the healthcare regulation that everyone in the industry must follow. HIPPA stands for the Health Insurance Portability and Accountability Act that was passed by Congress back in 1996. The goal of the regulation is to make it easier for people to keep health insurance, protect their confidentiality and security of their healthcare information and to help the industry control administrative costs. Not following the rules and regulations put forth by this act can end up with an investigation and can potentially lead to expensive fines. Even something as simple as a typo can prompt an investigation.
A HIPAA breach is when your company’s system is breached and you must report it. If you fail to do so, you’ll be severely punished. So that this doesn’t happen to your business, you are responsible for locking down your system and making sure you report it when something does happen to go wrong. As to what constitutes as a breach, according to the HIPAA Breach Notification Rules, any potential exposure will be considered a breach and must be reported. For example, losing a flash drive with unencrypted information on it will count as a breech. However, if you prove there is a low risk of exposure during the potential breach you might be exempted. However there is a calculation you must first do:
You’ll have to figure out the following:
What information could have been exposed and can it in turn identify a patient?
Who may have received the info?
Whether they actually saw the private information?
How the risk has been fixed?
But no matter what you get for 1 and 2, if you can demonstrate that no unauthorized party was able to receive any private information, then you are exempt from the HIPAA Breach Notification.