Unauthorized Disclosures Of Information - Oak Creek Insurance Agency

Ensure Privacy & Security

Your organization must notify people if a breach (or potential breach) of privacy or security of protected health information occurs. A breach is defined as “an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information such that the use or disclosure poses a significant risk of financial, reputational, or other harm to the affected individual.”

Following a breach, covered entities must notify affected individuals, the Secretary of Health and Human Services, and, in some cases, the media.

In addition, if a business associate experiences an unallowable release of protected health information, it is required to notify the health care provider organization that transmitted the information about the disclosure. The provider, in turn, must make the required notification to the Government and media, as appropriate.

There are three exceptions to the definition of breach. Disclosure under these circumstances is not considered a breach:

By a workforce member acting under the authority of a covered entity or business associate.
From a person authorized to access protected health information to another person authorized to access protected health information. In both cases, the information cannot be further used or disclosed in a manner not permitted by the Privacy Rule.
When there is a reasonable expectation that the recipient would not have been able to retain the information.