![]() In addition, for purposes of this definition, the rule provided that “compromises the security or privacy of the protected health information” means poses a significant risk of financial, reputational, or other harm to the individual. Section 13400(1)(A) of the Act defines “breach” as the “unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.” Section 13400(1)(B) of the Act provides two additional exceptions to the definition of “breach.” The interim final rule at 45 CFR 164.402 defined a “breach” to mean generally “the acquisition, access, use, or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information.” The definition included the statutory exceptions to the definition (discussed below) and clarified that “unauthorized” for purposes of the statute meant in a manner not permitted by the Privacy Rule. Notification in the Case of Breach - Definitions HHS Description and Commentary From January 2013 Amendments Unsecured protected health information means protected health information that is not rendered unusable, unreadable, or indecipherable to unauthorized persons through the use of a technology or methodology specified by the Secretary in the guidance issued under section 13402(h)(2) of Public Law 111-5. (iv) The extent to which the risk to the protected health information has been mitigated. ![]() (iii) Whether the protected health information was actually acquired or viewed and (ii) The unauthorized person who used the protected health information or to whom the disclosure was made (i) The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification (2) Except as provided in paragraph (1) of this definition, an acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors: (iii) A disclosure of protected health information where a covered entity or business associate has a good faith belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information. (ii) Any inadvertent disclosure by a person who is authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the same covered entity or business associate, or organized health care arrangement in which the covered entity participates, and the information received as a result of such disclosure is not further used or disclosed in a manner not permitted under subpart E of this part. (i) Any unintentional acquisition, access, or use of protected health information by a workforce member or person acting under the authority of a covered entity or a business associate, if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure in a manner not permitted under subpart E of this part. Notification in the Case of Breach - Definitions- § 164.402Īs used in this subpart, the following terms have the following meanings:īreach means the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information. ![]() HIPAA Regulations: Notification in the Case of Breach - Definitions - § 164.402Īs Contained in the HHS Rules on Notification in the Case of Breach of Unsecured Protected Health Information ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |