HIPAA Sample Breach Notification Letter: Who Must Be Notified?

Under HIPAA, when a breach of unsecured PHI takes place, the covered entity that sustains the breach must notify affected individuals of the breach. Notification must be provided through a breach notification letter. The content requirements and a HIPAA sample breach notification letter are discussed below. Patient Notification in Breach Notification Letters: Prior to 2009, many breaches of unsecured PHI went unreported, [...]

2022-05-06T17:03:36-04:00 February 15th, 2022

What is a HIPAA Breach Notification Form?

You may have been hearing a lot about HIPAA breach notification reporting lately, and for good reason. The deadline to report small-scale breaches to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is March 1st. The HHS OCR requires you to submit a HIPAA Breach Notification Form when reporting breaches. Before completing the form, [...]

2022-05-06T17:03:37-04:00 February 8th, 2022

FTC Breach Notification Rule Expands for Health Applications

A recent policy statement by the Federal Trade Commission (FTC) has dramatically expanded coverage and penalties under the FTC Breach Notification Rule for companies that develop and offer mobile health applications and services for consumers. History of the FTC Breach Notification Rule: As issued by the FTC in 2009, the Breach Notification Rule required PHR vendors to notify the Federal Trade Commission and any affected individuals upon: [...]

2022-05-06T17:03:38-04:00 January 31st, 2022

Don’t Miss the 2022 HIPAA Breach Notification Rule Deadline

Hopefully, you’ve been keeping a list of your minor breaches that occurred in 2021 because now is the time to report them to the Department of Health and Human Services. As the 2022 HIPAA breach notification rule deadline approaches, it is important that you know the deadline and understand what incidents need to be reported. When is the 2022 HIPAA Breach Notification [...]

2022-05-06T17:03:39-04:00 January 28th, 2022

Leap Year Law and the HIPAA Breach Notification Deadline

Is there such a thing as a leap year law? Once every four years (e.g., 2000, 2004, 2008, 2012), there is a February 29th. Years with this extra calendar date are, of course, called leap years. The existence of an extra day in a year can change a legal deadline. This year, because there is an extra day, February 29, the breach notification deadline for [...]

2020-12-18T14:58:04-05:00 February 5th, 2020

Accidental Disclosure of PHI

Even when a covered entity or business associate maintains an effective HIPAA compliance program, an accidental disclosure of PHI may be made. For example, an employee may accidentally view patient records. A mailing may be sent to the wrong recipient. This article discusses how covered entities and business associates should respond in the event of an accidental PHI disclosure or HIPAA violation. How Should Covered [...]

2022-05-06T13:55:39-04:00 December 30th, 2019

The OCR HIPAA Violation Complaint Portal and Portal Assistant

The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) provides an online HIPAA Violation Complaint Portal Assistant that allows individuals who believe their HIPAA rights have been violated to report the incident. Users may input the following information using the Complaint Portal Assistant: when they learned of the most recent HIPAA violation; whom the complaint about the HIPAA violation [...]

2021-08-02T16:58:30-04:00 December 20th, 2019

Hospital Data Breaches and Patient Deaths

Researchers for the journal Health Services Research recently conducted a study to determine whether there is a relationship between hospital data breaches and patient deaths. Of particular interest was whether or not remediation efforts for hospital data breaches diminished the quality of hospital care. Remediation Efforts for Hospital Data Breaches: Related to Quality of Patient Care? A hospital data breach is the unauthorized acquisition, access, use, or disclosure, in [...]

2022-05-06T14:38:19-04:00 December 19th, 2019

$2.175 Million HIPAA Fine Issued for Improper Breach Notification

In its most recent HIPAA settlement, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued a $2.175 million HIPAA fine to Sentara Hospitals. The HIPAA settlement stemmed from a breach in April 2017 that affected 577 patients. In addition to the fine, Sentara Hospitals has agreed to adhere to corrective action plans, to be submitted to HHS for approval. Would [...]

2022-05-06T12:13:33-04:00 December 2nd, 2019

Is Mailing Breach Notification Letters to Wrong Patient a Breach?

Alive Hospice, based in Tennessee, experienced a healthcare breach due to phishing emails. Phishing occurs when a hacker disguises themselves as a trusted user and prompts recipients to click on a malicious link, which allows access to their email account. The incident was reported on July 3rd and affected 608 patients. Under the Health Insurance Portability and Accountability Act (HIPAA), Alive was required to mail breach notification letters to [...]

2019-12-27T09:09:09-05:00 October 22nd, 2019