Long-Term Care Survey Alert

To Report or Not to Report:

If a Breach Fits One of These Exceptions,Your Facility May Be Home Free

Published on Thu Oct 01, 2009

Include this information as part of your risk analysis.

Knowing what doesn't count as a breach under new HIPAA notification rules can help you weigh whether to report a disclosure of unsecured protected health information. The rules, which went into effect on Sept. 23, include four exceptions, as follows:

Exception No. 1. An unintended acquisition, access or use of PHI by a person with authority to handle PHI who is acting in good faith. Also, "there's no further acquisition, access or use of the PHI," says attorney Kathryn Solley, with Atlanta law firm Seyfarth Shaw LLP.

Example: A nurse handed a doctor the wrong patient folder but immediately retrieved it, or the doctor returned the folder unused.

Exception No. 2. An inadvertent breach where a nurse, for example, gives another nurse information that the second nurse shouldn't have, but there's no reasonable risk of further use or misuse of the PHI. "Here, each party has authority to access PHI at the same location, but not necessarily the PHI at issue," says Solley.

Exception No. 3: A disclosure that occurs when the covered entity has a good faith belief that an unauthorized person (such as the recipient of a fax) would not retain the information "because in a follow-up call, the recipient agreed to destroy the fax," Solley notes.

Exception No. 4: Disclosure, access, or use of PHI involving a limited data set that excludes both birth dates and zip code information.

Long-Term Care Survey Alert

QUALITY REPORTING:
State Attorneys General to CMS: Suspend and Revise 5-Star Program
Find out why 31 AGs are criticizing the initiative -- and what their opposition may mean [...]

INFECTION CONTROL:
Target These 4 Often Overlooked Infection Threats
Take steps to prevent bacterial contamination from common equipment and procedures. Are hidden sources of [...]

QUALITY IMPROVEMENT:
Head Off These Medication Safety Problems Before They Cause Serious Harm
Take steps to prevent bacterial contamination from common equipment and procedures. Reducing adverse drug events [...]

HIPAA:
Follow the Ins and Outs of Finalized Breach Notification Rules
If a breach involves 500+ people, here's what your facility will suffer. Picture this: A [...]

MDS CORNER:
CMS Official Clarifies Suspected DTI Coding on MDS 2.0
Confused about coding suspected deep-tissue injury on the MDS 2.0? CMS recently provided some clarification [...]

RISK MANAGEMENT TIP:
Maintain the Fall Scene to Get a Heads Up on What Happened
Find out how this facility gets to the bottom of unwitnessed falls. If a resident [...]

To Report or Not to Report:
If a Breach Fits One of These Exceptions,Your Facility May Be Home Free
Include this information as part of your risk analysis. Knowing what doesn't count as a [...]

MDS & CLINICAL NEWS
Don't code the H1N1 flu immunizations on the MDS. That's the official word from CMS. [...]

View All