[firm] blog logo

Legal Requirements Triggered by HIPAA Breach

An impermissible acquisition, access, use, or disclosure of HIPAA “protected health information” (“PHI”) under an employer’s group health plan (which is a “Covered Entity” under HIPAA) is not uncommon. If such a breach occurs with respect to the PHI of a Covered Entity, the employer needs to know that the Covered Entity may be required by HIPAA’s breach notification rules (the “Breach Rules”) to issue certain notices and perform other tasks. Analysis of the Impermissible Acquisition, Access, Use, or Disclosure of PHI An impermissible acquisition, access, use, or disclosure of PHI is presumed to be a “breach” unless the Covered Entity demonstrates that there is a low probability that the PHI has been compromised. The Breach Rules outline the four-factor risk assessment that a Covered Entity must perform (and document) in order to make such a demonstration. If, after completing the step above, the Covered Entity determines that a “breach”… Continue Reading

January 2019
S M T W T F S
« Dec   Feb »
 12345
6789101112
13141516171819
20212223242526
2728293031  

Archives