Hint: The categories of breach are pretty all-encompassing. You and your colleagues may be well-versed in Health Information Portability and Accountability Act (HIPAA) compliance, but it’s often prudent to test your knowledge. Review breach procedures annually, especially because data and compliance breaches are on the rise. Even a minor breach of patient protected health information (PHI) or electronic PHI (ePHI) can be a death knell for small organizations, but you can try to ward off such occurrences by bolstering your compliance education and protocols. Plus, the HHS Office for Civil Rights (OCR) takes breach risk analysis and planning into account when evaluating organizations’ HIPAA breaches. “A comprehensive HIPAA plan serves to reduce the risk of a breach, as well as mitigate potential fines in the event of a breach,” counsels attorney John E. Morrone, partner with Frier Levitt LLC in New York City. “Recent settlements indicate that OCR will continue to penalize entities not only on the basis of a breach itself, but also for failing to have in place the requisite safeguards that HIPAA requires to limit and/or prevent such an occurrence.” Test your knowledge of the HIPAA Breach Notification Rule with this true and false quiz. See page 12 for answers. 1. Breaches and breach notifications are clear-cut; there are no exceptions. a. True 2. Breaches cannot be reported to the HHS secretary until covered entities (CEs) know the exact number of individuals affected. a. True 3: When the CE’s patients’ contact information is outdated or deficient, it can release a “substitute individual notice.” a. True 4: CEs are expected to notify impacted individuals “without unreasonable delay” within 60 days after finding a breach. a. True 5: The only thing a CE must provide to patients whose PHI was breached is a notice of the incident. a. True 6: Business associates are off the hook when it comes to the Breach Notification Rule. a. True 7: CEs have the extra duty of fulfilling other administrative requirements per the OCR and HIPAA after a breach. a. True
b. False
b. False
b. False
b. False
b. False
b. False
b. False