Weekly Tip – Breach
What is a Breach?
By definition, a breach is the acquisition, access, use or disclosure of protected health information (PHI) in a manner not permitted that compromises the security of the protected health information.
Examples of a breach include:
- Employee does not log off the computer after use.
- Employee faxes the wrong PHI to another practice.
- Viewing patient records out of curiosity.
- Sharing PHI because the information is interesting, not for treatment, payment or operations purposes.
Factors must be considered to determine whether PHI has been compromised, including:
- The nature and extent of the violation.
- The nature and extent of resulting harm.
- Whether the violation hindered the ability to obtain health care.
- The extent to which the risk has been mitigated.
Last year, some of the biggest health information breaches involved:
- Four unencrypted laptops containing more than 4 million patient records were stolen.
- Documents containing PHI were not properly shredded. Pieces of microfiche containing patient records were found that included Social Security numbers and other private data.
- A computer programming error caused extra pages from client notifications to be mixed into mailings to other clients. The client notifications contained unprotected medical and financial information.
- An out-of-use laptop scheduled to be encrypted was stolen from an employee's vehicle. The laptop contained health records and personal information of patients and family members.
One of the best methods for preventing a breach is through encryption. It is our recommendation to encrypt devices that access, acquire, use or store protected health information.
If you have any questions about what constitutes a breach or have any other questions, please do not hesitate to contact one of our professional consultants.