Keep Feds Abreast Of All HIPAA Breaches

Posted on 20 Sep, 2015 | By Chris Boucher

Alert patient, Secretary when private info gets exposed.

When a HIPAA breach occurs at your practice, you must file notifications as per the instructions of the U.S. Department of Health & Human Services (HHS). They’re so serious about these notices, there’s even a rule on the books.

“The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information,” according to the HHS website.

Get the lowdown on what constitutes a HIPAA breach, and what you have to do when one occurs, straight from the HHS rulebook.

Definition: HHS defines a breach as “an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information [PHI].”

HHS presumes all impermissible uses or disclosures of PHI to be breaches “unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the PHI has been compromised based on a risk assessment.” (For a more complete explanation of breach definition and risk assessments, see the link at the bottom of this blog post.)

Notification requirements: When your practice experiences a HIPAA breach, HHS wants you to provide notifications to any affected individuals, the HHS Secretary and, in certain circumstances, the media. Here’s what HHS expects you to do for each of these populations should a breach occur:

  • Individuals: You must immediately notify any patient, business associate, employee, etc., that the breach affects.
  • Secretary: You must notify the Secretary of any breaches by completing a breach report form, which you can find at:
  • Media: If you experience a breach that affects more than 500 residents of a state or jurisdiction, you must notify the affected individuals and “provide notice to prominent media outlets serving the state or jurisdiction,” HHS reports.


Chris Boucher

Chris Boucher has nearly 10 years of experience writing various newsletters and other products for The Coding Institute. His blog will cover several areas of coding and compliance, including CPT® coding, modifiers, HIPAA compliance and ICD-10 coding.
