Kern Medical New Associate Orientation Guide

The Breach Notification Rule

What is a Breach?

Unauthorized use or disclosure that compromises the security or privacy of PHI, violating State and/or Federal laws.

Breach examples include:

• Patient given another patient’s prescription and lab order in error.

• Laptop with unencrypted PHI is stolen.

• PHI faxed/emailed/mailed to wrong number/address.

• Ransomware or cyber-attack occurs.

• Unattended PHI read/observed/taken by unauthorized person.

Notification Starts With You!

• As soon as you are aware of a breach occurrence, report it to your supervisor immediately.

o What information was disclosed or accessed?

o What was the process involved?

• Kern Medical requires notification to:

Affected individuals

o

o California Department of Public Health

o U.S. Department of Health & Human Services

o Media (for breaches affecting over 500 people)

56