Health Information Compliance Alert

HIPAA Quiz:

Test Yourself on These Breach Notification Basics

Find out what “substitute individual notice” refers to.

Even if your practice’s daily HIPAA compliance is top-notch, there’s always room for improvement. It’s especially important to review breach notification procedures every year, particularly with large-scale data security incidents on the rise.

Why? A minor breach of patients’ protected health information (PHI) or electronic PHI (ePHI) can financially cripple most small organizations; however, you can combat violations with stronger protocols. In fact, the HHS Office for Civil Rights (OCR) continues to look favorably on organizations that have addressed their risks through HIPAA management and breach planning.

“A comprehensive HIPAA plan serves to reduce the risk of a breach, as well as mitigate potential fines in the event of a breach,” counsels attorney John E. Morrone, partner with Frier Levitt LLC in New York City. “Recent settlements indicate that OCR will continue to penalize entities not only on the basis of a breach itself, but also for failing to have in place the requisite safeguards that HIPAA requires to limit and/or prevent such an occurrence.”

Test your knowledge of the HIPAA Breach Notification Rule with this true-or-false quiz.

1. Breaches and breach notifications are clear cut; there are no exceptions.

a. True
b. False

2. Breaches cannot be reported to the HHS secretary until covered entities (CEs) know the exact number of individuals affected.

a. True
b. False

3. When the CE’s patients’ contact information is outdated or deficient, it can release a “substitute individual notice.”

a. True
b. False

4. CEs are expected to notify impacted individuals “without unreasonable delay” within 60 days after finding a breach.

a. True
b. False

5. The only thing a CE must provide to patients whose PHI was breached is a notice of the incident.

a. True
b. False

6. Business associates are off the hook when it comes to the Breach Notification Rule.

a. True
b. False

7. CEs have the extra duty of fulfilling other administrative requirements per the OCR and HIPAA after a breach.

a. True
b. False