Breach FAQs

What is considered a breach?

Breach means the acquisition, access, use, or disclosure of PHI in a manner not permitted under the HIPAA rules which compromises the security or privacy of the PHI.

When is an unintentional disclosure not considered a breach?

    • Any unintentional acquisition, access, or use of PHI by a workforce member or person acting under the authority of a covered entity or a business associate, if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure in a manner not permitted.
    • Any inadvertent disclosure by a person who is authorized to access PHI at a covered entity or business associate to another person authorized to access protected health information at the same covered entity or business associate, or organized health care arrangement in which the covered entity participates, and the information received as a result of such disclosure is not further used or disclosed in a manner not permitted under the Privacy Rule.
    • A disclosure of protected health information where a covered entity or business associate has a good faith belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information.

Can a healthcare provider demonstrate that a breach did not occur?

An acquisition, access, use, or disclosure of PHI in a manner not permitted is presumed to be a breach unless the provider or business associate demonstrates that there is a low probability that the PHI has been compromised based on a risk assessment of at least the following factors:

    • The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;
    • The unauthorized person who used the PHI or to whom the disclosure was made;
    • Whether the protected health information was actually acquired or viewed; and
    • The extent to which the risk to the PHI has been mitigated.

Reference

45 CFR § 164.402

About Us

Therapy Comply is a healthcare compliance firm that seeks to bring high quality web-based compliance guidance and one-on-one consulting services to small and medium size physical, occupational, and speech therapy practices.
