HIPAA ENFORCEMENT:
Know the Rules When You Experience a Security Breach
Published on Sat Aug 22, 2009
In some cases, you must alert the media. If you violate a patient's privacy, the days where you could quietly sweep the breach under the rug are over. The Dept. of Health and Human Services (HHS) published regulations that require you to alert affected individuals of a security breach. And sometimes, you even have to contact the media. If your practice (or any HIPAA-covered entity) breaches an individual's health information, you must "promptly" notify the individual via first-class mail at the individual's last known address. If the individual agrees to receive electronic notice, you can instead choose to contact him via email, according to the notification, published in the Aug. 24 Federal Register. In cases where you don't have the contact information for 10 or more individuals whose security was breached, you must provide substitute notice, either by posting information about the breach on your Web site for 90 days [...]