Breach Notification Requirements for Unsecured PHI

The Health Insurance Portability and Accountability Act (HIPAA) requires covered entities to notify affected individuals following the discovery of a breach of unsecured protected health information (PHI). Notification must also be provided to the Department of Health and Human Services (HHS), and, in some cases, to the media.

An impermissible use or disclosure of unsecured PHI is presumed to be a breach unless the covered entity demonstrates through a risk assessment that there is a low probability that the PHI has been compromised. “Unsecured PHI” is PHI that is not secured through the use of a technology or methodology specified by HHS. HHS has specified encryption and destruction as the two technologies and methodologies for securing PHI.

Covered entities should review their HIPAA policies to make sure that they address the breach notification requirements, including the factors that must be considered when determining whether a breach has occurred.
