Decision Point: Flowchart 7 represents a Framework “scenario analysis” to determine whether or not a Privacy Rule violation has occurred. In this case the PHI in question was purportedly de-identified information. The question is whether the appropriate de-identification process was followed as per the Privacy Rule? If so, then perhaps no violation occurred and therefore Breach Notification would not be triggered. Practices are encouraged to develop their own “scenarios” as they garner additional experience analyzing security incidents.
Looking for a best of breed HIPAA Training?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH / HIPAA experience?
Comments