Kern Medical New Hire Guide 2024

The Breach Notification Rule What is a Breach? Unauthorized use or disclosure that compromises the security or privacy of PHI, violating State and/or Federal laws. Breach examples include: • Patient given another patient’s prescription and lab order in error. • Laptop with unencrypted PHI is stolen. • PHI faxed/emailed/mailed to wrong number/address. • Ransomware or cyber-attack occurs. • Unattended PHI read/observed/taken by unauthorized person. Notification Starts With You! • As soon as you are aware of a breach occurrence, report it to your supervisor immediately. o What information was disclosed or accessed? o What was the process involved? • Kern Medical requires notification to: o Affected individuals o California Department of Public Health

o U.S. Department of Health & Human Services o Media (for breaches affecting over 500 people)

59