Health Information Compliance Alert

Toolkit:

Take 4 Steps To Complete A Thorough Post-Breach Risk Assessment

Consider what you’ve done to mitigate the risks to the exposed PHI.

If you’re confused about what constitutes a breach under HIPAA, you’re not alone. But if you follow these steps and evaluate your answers to certain key questions, you can make a sound breach determination.

Under HIPAA, an impermissible use or disclosure of protected health information (PHI) is a breach unless the covered entity (CE) or business associate (BA) demonstrates that there is a low probability that the PHI was compromised, according to Clearwater Compliance LLC. And to make this determination, HIPAA requires you to perform a risk assessment on at least these four factors:

Source: https://clearwatercompliance.com/hipaa-hitech-news/suffered-data-breach-4-step-assessment/