Step 7: Prevent breaches

To safeguard patient health information, workers must know how to implement policies, procedures, and security audits.

HIPAA requires the workforce to be trained on policies and procedures. Staff must also receive formal training on breach notification.

About breach notification:

If a breach is discovered, you must You must notify HHS. Notification obligations differ based on whether the breach affects 500 or more individuals or fewer than 500 individuals. If the number of individuals is uncertain, you should estimate in your initial notification, and submit more accurate information as it becomes available.

Breaches Affecting 500 or More Individuals:

If a breach of unsecured protected health information affects 500 or more individuals, you must notify HHS no later than 60 calendar days from the discovery of the breach. Submit the notice electronically by filling out a form from the HHS website, and completing all of the required fields of the breach notification form (see below tools). You may report all breaches affecting fewer than 500 individuals on one date, but must complete a separate notice for each breach incident.

Tools and Resources for Step 7

You can learn more about breach notification on the website of the Office for Civil Rights.

The electronic form for breach notification must be accessed via the OCR website. It must be filled out and submitted electronically.

Electronic OCR Portal for Breach Notification

Upcoming Webinars

[add_eventon_list hide_month_headers="no" hide_empty_months="yes" event_order="ASC" number_of_months="3" ]

Train Senior Leaders in Privacy & Data Security Management

November 13, 2023 No Comments

Managing privacy and data security across an organization requires its own expertise — and adequate training designed for privacy managers is essential. In fact, federal

Here’s Guidance on Privacy Security from Remote Locations

November 13, 2023 No Comments

Remote work presents its own set of security risks, relating to the safe keeping of private information. However, the use of Virtual Private Networks and

New Social Media Course

November 10, 2023 No Comments

MyHIPAA Guide is offering a new social media course that will help you protect your organization from potential privacy violations that result from social media

MyHIPAA Guide 2023 Privacy and Security Course Catalog

June 30, 2021 No Comments

Interested in privacy and security training under the Health Insurance Portability and Accountability Act (HIPAA)? Our course catalog includes more than 25 courses on all

Upcoming Events

Username or Email

Password

Keep me signed in

Lost your password?

10 Steps to Compliance

MyHIPAA Guide helps HIPAA-covered organizations understand what they need to do on a daily basis. Subscribers gain access to a comprehensive, human-centered HIPAA program.

CALL US TODAY: (234) 281-4310

MyHIPAA Guide

Product

Discover

DISCLAIMER: MyHIPAA Guide content, including newsletters, is for informational purposes only. MyHIPAA Guide is not intended as legal advice or as a recommendation for a provider’s specific circumstances, and it is not intended as an exhaustive or definitive source on protecting health information from privacy and security risks. Providers and professionals seeking expert advice should consult an attorney and/or a risk assessment professional.

NOTICE TO READERS: We will do our best to report updates on HIPAA rules as quickly as possible following public notifications. In submitting questions or comments to MyHIPAAGuide.com, NEVER SEND THE PROTECTED HEALTH INFORMATION OF A PATIENT.

Copyright © by M.E.D. Media Mart LLC - Published by M.E.D. Media Mart LLC.