How Should Employees Report an Accidental HIPAA Violation?
October 16, 2017
If a healthcare employee witnesses an accidental disclosure of PHI on the job, they have to report the incident to their Privacy Officer.
The Privacy Officer will determine what actions need to be taken to mitigate risk and reduce the potential for harm. The incident will need to be investigated, a risk assessment may need to be performed, and a report of the breach may need to be sent to the Department of Health and Human Services’ Office for Civil Rights (OCR).
If a report is sent, the employee should disclose with the PO that a mistake was made and how it happened and which patient’s records were viewed or disclosed. Not reporting a breach promptly can turn a simple error into a major incident, one that could result in disciplinary action and potentially, penalties for the employer.
For more information in accidental breach notification and actions, check out this article from HIPAAJournal.com.
Sign up for Our Blog
April 3, 2018
Attorneys general from 32 U.S. states are opposing the Data Acquisition and Technology Accountability and Security Act, a draft bill released in mid-February. The proposed legislation would preempt necessary state data… Read More ›Read More
March 1, 2018
In light of Health and Human Services Office for Civil Right’s Cybersecurity February Newsletter, HHS OCR clearly sees phishing as an increasing problem, as they’re becoming “more sophisticated and harder… Read More ›Read More
February 26, 2018
The U.S. Securities and Exchange Commission recently released revised cybersecurity guidance for publicly traded companies. The guidance, approved unanimously by the commission on Tuesday, is meant “to assist public companies… Read More ›Read More