HIPAA Security Incident Reporting Requirements
- Learn the HIPAA reporting requirements for a security breachdata security image by dinostock from Fotolia.com
In 1996 the United States Congress passed the Health Insurance Portability and Accountability Act (HIPAA). Ensuring the protection of medical information was one main reason for the adoption of HIPAA. With the increasing number of medical professionals relying solely on electronic record-keeping, the need for privacy guidelines in handling patient information is more important than ever. In the event of a privacy breach, there are a number of requirements for the reporting of the incident. The guidelines for reacting to such a breach help ensure that information is recovered and secured in a prompt fashion. - A privacy breach, according to HIPAA, can be defined as " any event, suspected event, or discovery of a vulnerability that could pose a threat to the confidentiality, integrity, or availability of supporting systems, applications, or information." The first requirement for reporting a HIPAA security breach is that the incident must immediately be reported to a supervisor or manager. If the incident or suspected incident is not reported promptly, any harm which results can lead to criminal prosecution of those who failed to report.
- After the supervisor receives notice of a potential security breach he must initiate an investigation of the incident. If a breach is indeed detected, the supervisor must notify a security office (any facility handling sensitive data must have a department dedicated to information security).
- Finally, the security office should notify the head of the organization. At this time, the organization should also notify government authorities if the privacy breach is a result of criminal activity. According to HIPAA, those individuals whose privacy may have been compromised must also be notified in a prompt manner. If these steps are taken, the damage that can occur as a result of unsecured medical information can be minimized.
Definition and Reporting
Investigation
Government Involvement
Source...