Advanced Search

Medicare Compliance & Reimbursement

HIPAA ENFORCEMENT:

Know the Rules When You Experience a Security Breach

Published on Sat Aug 22, 2009

In some cases, you must alert the media. If you violate a patient's privacy, the days where you could quietly sweep the breach under the rug are over. The Dept. of Health and Human Services (HHS) published regulations that require you to alert affected individuals of a security breach. And sometimes, you even have to contact the media. If your practice (or any HIPAA-covered entity) breaches an individual's health information, you must "promptly" notify the individual via first-class mail at the individual's last known address. If the individual agrees to receive electronic notice, you can instead choose to contact him via email, according to the notification, published in the Aug. 24 Federal Register. In cases where you don't have the contact information for 10 or more individuals whose security was breached, you must provide substitute notice, either by posting information about the breach on your Web site for 90 days [...]
You’ve reached your limit of free articles. Already a subscriber? Log in.
Not a subscriber? Subscribe today to continue reading this article. Plus, you’ll get:
  • Simple explanations of current healthcare regulations and payer programs
  • Real-world reporting scenarios solved by our expert coders
  • Industry news, such as MAC and RAC activities, the OIG Work Plan, and CERT reports
  • Instant access to every article ever published in your eNewsletter
  • 6 annual AAPC-approved CEUs*
  • The latest updates for CPT®, ICD-10-CM, HCPCS Level II, NCCI edits, modifiers, compliance, technology, practice management, and more
*CEUs available with select eNewsletters.

Other Articles in this issue of

Medicare Compliance & Reimbursement

View All