Find out what “substitute individual notice” refers to. Even if your practice’s daily HIPAA compliance is topnotch, there’s always room for improvement. It’s especially important to review breach notification procedures every year, particularly with large-scale data security incidents on the rise. Why? A minor breach of patients’ protected health information (PHI) or electronic PHI (ePHI) can financially cripple most small organizations; however, you can combat violations with stronger protocols. In fact, the HHS Office for Civil Rights (OCR) continues to look favorably on organizations that have followed through on their risks with HIPAA management and breach planning. “A comprehensive HIPAA plan serves to reduce the risk of a breach, as well as mitigate potential fines in the event of a breach,” counsels attorney John E. Morrone, partner with Frier Levitt LLC in New York City. “Recent settlements indicate that OCR will continue to penalize entities not only on the basis of a breach itself, but also for failing to have in place the requisite safeguards that HIPAA requires to limit and/or prevent such an occurrence.” Test your knowledge of the HIPAA Breach Notification Rule with this true and false quiz. 1. Breaches and breach notifications are clear cut; there are no exceptions. a. True 2. Breaches cannot be reported to the HHS secretary until covered entities (CEs) know the exact number of individuals affected. a. True 3: When the CE’s patients’ contact information is outdated or deficient, it can release a “substitute individual notice.” a. True 4: CEs are expected to notify impacted individuals “without unreasonable delay” within 60 days after finding a breach. a. True 5: The only thing a CE must provide to patients, whose PHI was breached, is a notice of the incident. a. True 6: Business associates are off the hook when it comes to the Breach Notification Rule. a. True 7: CEs have the extra duty of fulfilling other administrative requirements per the OCR and HIPAA after a breach. a. True
b. False
b. False
b. False
b. False
b. False
b. False
b. False