Must-know facts about the Breach Notification Rule

HIPAA compliance can be confusing and is ever-changing. Here are some must-know facts:

  • The HIPAA Breach Notification Rule requires covered entities to notify affected individuals, the U.S. Department of Health and Human Services (HHS), and in some cases, the media, of a breach of PHI. The Breach Notification Rule also requires business associates of covered entities to notify the covered entity of breaches at or by the business associate.
  • Privacy breaches that occurred in 2017 must be reported to HHS between January 1 and March 1, 2018. A privacy breach is any impermissible use or disclosure that compromises the security or privacy of protected health information.
  • Common potential breaches include faxing or mailing a patient’s information to the wrong recipient, or the loss or theft of paper records, electronic records, or media. All potential breaches must be assessed against several factors to determine reportability to the patient and HHS.
  • If this has occurred in your practice and you are unsure what steps to take next, contact MDA-endorsed Eagle Associates, Inc. They are experts in navigating the Breach Notification Rule and in everything your practice needs to be HIPAA-compliant, helping you avoid potentially steep fines and penalties.

As an MDA member you are eligible to receive special bundled compliance offerings at a significant discount. Follow the link below for more information. Be sure to identify yourself as an MDA member when you contact them!

LEARN MORE >>