Reader Question: Is it a Breach if PHI Doesn't Leave the Facility?
Question: An employee at our hospital accessed records for which he had no legitimate reason to do so. He didn’t tell anyone outside our hospital about any of the information he accessed. Is this still a reportable breach incident, even though the information didn’t leave our hospital?
Answer: To determine the answer, you must go back to the definition of a breach, which is any acquisition, access, use or disclosure in violation of the HIPAA Privacy Rule, says Jim Sheldon-Dean, founder and director of compliance for Lewis Creek Systems LLC in Charlotte, VT.
In this situation, &ldquo...
To read the full article, sign in and subscribe to tci Medicare Compliance & Reimbursement.
Keep pace with evolving Medicare regulations — and onboard your team — with timely analysis of critical updates interpreted in an easy-to-follow, easy-to-apply format. Your subscription to TCI's Medicare Compliance & Reimbursement Alert will equip you to navigate code and guideline changes, CCI edits, and revisions to modifiers, payer policies, the fee schedule, OIG target areas, and more.
Current newsletters added each month
Fully searchable archives - over 4200 articles
ALL years/issues back to 2003 organized by year and issue
Codes mentioned in articles are linked to Code Information pages
Code Information pages link back to related articles
Access to this feature is available in the following products: