What is a Breach?
By definition, a breach is the acquisition, access, use, or disclosure of protected health information (PHI) in a manner not permitted, which compromises the security or privacy of the protected health information.
Examples of a breach include:
- Employee does not log off the computer after use.
- Employee faxes the wrong PHI to another practice.
- Viewing patient records out of curiosity.
- Sharing PHI because the information is interesting, not for treatment, payment or operations purposes.
Factors must be considered to determine whether PHI has been compromised, including:
- The nature and extent of the violation.
- The nature and extent of the resulting harm.
- Whether the violation hindered the ability to obtain health care.
- The extent to which the risk has been mitigated.
Last year, some of the biggest health information breaches involved:
- Four unencrypted laptops containing more than 4 million patient records were stolen.
- Documents containing PHI were not properly shredded. Pieces of microfiche containing patient records were found that included Social Security numbers and other private data.
- A computer programming error caused extra pages from client notifications to be mixed into mailings to other clients. The client notifications contained unprotected medical and financial information.
- An out-of-use laptop scheduled to be encrypted was stolen from an employee's vehicle. The laptop contained health records and personal information of patients and family members.
One of the best methods for preventing a breach is through encryption. It is our recommendation to encrypt devices that access, acquire, use or store protected health information.
If you have any questions about what constitutes a breach or have any other questions, please do not hesitate to contact one of our professional consultants.