New Hire Orientation 2021

The Breach Notification Rule

What is a Breach? • Unauthorized use or disclosure that compromises the security or privacy of PHI, violating State or Federal laws. • Breach examples: • Patient given another patient’s prescription and lab order in error • Laptop with unencrypted PHI stolen • PHI faxed/emailed/mailed to wrong number/address • Ransomware or cyber attack • Unattended PHI read/observed/taken by unauthorized person Notification starts with You! • As soon as you are aware of an occurrence, report it to your supervisor immediately • What information was disclosed or accessed • What was the process involved Requires Notification following a PHI Breach to: • Affected individuals • California Department of Public Health

• U.S. Department of Health & Human Services • Media (for breach affecting over 500 people) The Breach Notification Rule • Does patient’s ID not match insurance card info? • Does photo ID not match appearance/age of patient? • Does the ID look altered or fake?

• Does the ID not match what is in our records? • Does the patient say he/she forgot their ID?

IMMEDIATELY NOTIFY PATIENT ACCESS SUPERVISOR OR MANAGER They will help resolve issue with patient.

43