HIPAA Data Breaches - What You Need to Know

​Between January and May of 2016, 2,136,810 patient records we stolen and exposed in the United States. This exposure of patient health information can be blamed on security breaches, but do you know what constitutes a breach and how do you move forward if one happens?

A security breach is defined as the “acquisition, access, use or disclosure of protected health information in a manner not permitted which compromises the security or privacy of the protected health information.” Most people probably think breaches occur when their system is hacked but in reality it can happen numerous ways including:

• Hacking/IT Incident
• Improper Disposal of PHI
• Unauthorized Access/Disclosure
• Theft and Loss of Laptops and Records

These breaches can occur by simply sending a fax or email to the wrong person, leaving your computer in your car and it’s stolen, or even opening an email with ransomware. That’s why it’s imperative for employees to be properly trained and to keep records of their training which can be done using HIPAAwise™ - The van Halem Group Solution.

​But on the unfortunate chance a breach happens to your organization what are the steps you need to take in order to mitigate the situation?  

1. Have a Plan in Place: The first step is to have a HIPAA Compliance Plan in place so your team knows what to do and the next steps to take. This can help ensure you remain in compliance and all requirements are met.
2. Assess the Situation: You’ll need to determine what actually happened, who it happened to, where and what type of breach was it and what PHI was compromised. Once you’ve reviewed this information you determine the next steps.
3. Contact the Correct People: Your office will need to contact the proper authorities if you believe criminal activity occurred. Your patients will also need to be notified about what happened. You’ll need to include the date of when the breach occurred and was discovered, what happened, what information was exposed, how they can protect themselves, what you’re doing to fix the breach and contact information.
4. Notify U.S. Department of Health and Human Services – You’ll lastly need to inform HHS of the breach. There are certain policies and procedures you’ll need to follow and that information can be found here.

Using HIPAAwise™ - The van Halem Group Solution, you can provided employees with awareness training, establish policies and procedures, keep track of breaches and create the required paper trail if your organization was to be audited. If you have any questions about HIPAAwise™ - The van Halem Group Solution please contact us here.