How to Respond to a HIPAA Breach
The primary cause of breaches is usually a lost or stolen computing device, such as a laptop, cell phone, or tablet. Many losses are attributed to employee carelessness, mistakes, or unintentional actions. The other major cause is third-party involvement, such as hackers and other malicious actors.
If the perpetrator is identified as an in-house employee, action must be taken. If the breach was accidental, then as a minimum, an education program must be created for the person to learn and understand what has happened, including the repercussions. If the breach was intentional, disciplinary action is needed – up to and including dismissal and reporting to the authorities.
The Final Omnibus rule introduced a number of laws to force healthcare organizations to fully understand what happened during a breach: the nature and extent of the PHI stolen and who gained unauthorized access.