Keep Feds Abreast Of All HIPAA Breaches

Posted on 20 Sep, 2015 | By Chris Boucher

Alert patient, Secretary when private info gets exposed.

When a HIPAA breach occurs at your practice, you must file notifications as per the instructions of the U.S. Department of Health & Human Services (HHS). They’re so serious about these notices, there’s even a rule on the books.

“The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information,” according to the HHS website.

Get the lowdown on what constitutes a HIPAA breach, and what you have to do when one occurs, straight from the HHS rulebook.

Definition: HHS defines a breach as “an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information [PHI].”

HHS presumes all impermissible uses or disclosures of PHI to be breaches “unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the PHI has been compromised based on a risk assessment.” (For a more complete explanation of the breach definition and risk assessments, see the link at the bottom of this blog post.)

Notification requirements: When your practice experiences a HIPAA breach, HHS wants you to provide notifications to any affected individuals, the HHS Secretary and, in certain circumstances, the media. Here’s what HHS expects you to do for each of these populations should a breach occur:

  • Individuals: You must immediately notify any patient, business associate, employee, etc., that the breach affects.
  • Secretary: You must notify the Secretary of any breaches by completing a breach report form, which you can find at:
  • Media: If you experience a breach that affects more than 500 residents of a state or jurisdiction, you must notify the affected individuals and “provide notice to prominent media outlets serving the state or jurisdiction,” HHS reports.


Chris Boucher

Chris Boucher has nearly 10 years of experience writing various newsletters and other products for The Coding Institute. His blog will cover several areas of coding and compliance, including CPT® coding, modifiers, HIPAA compliance and ICD-10 coding.
