FAQs
What is 45 CFR 164?
The Department of Health and Human Services (HHS) published the Privacy Rule on December 28, 2000, and adopted modifications of the Rule on August 14, 2002. The Privacy Rule (45 CFR Part 160 and Subparts A and E of Part 164) provides the first comprehensive Federal protection for the privacy of health information.
What is the definition of unsecured PHI?
“Unsecured protected health information” is defined as PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of encryption technologies or methods of physical destruction approved by the Secretary of HHS.
What is the definition of a HIPAA breach?
HIPAA's Breach Notification Rule requires covered entities to notify patients when their unsecured protected health information (PHI) is impermissibly used or disclosed, or “breached,” in a way that compromises the privacy and security of the PHI.
What are the three exceptions to the definition of breach?
There are 3 exceptions: 1) unintentional acquisition, access, or use of PHI in good faith, 2) inadvertent disclosure to an authorized person at the same organization, 3) the receiver is unable to retain the PHI.
What is CFR Part 45?
CFR Title 45 - Public Welfare is one of fifty titles comprising the United States Code of Federal Regulations (CFR). Title 45 is the principal set of rules and regulations issued by federal agencies of the United States regarding public welfare.
What is the HIPAA privacy rule at 45 CFR 160-164?
The HIPAA Privacy Rule
The Rule requires appropriate safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made of such information without an individual's authorization.
What is the 164.402 definition?
§ 164.402 Definitions. As used in this subpart, the following terms have the following meanings: Breach means the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information.
What are the 3 types of PHI?
These include (but are not limited to) spoken PHI, PHI written on paper, electronic PHI, and physical or digital images that could identify the subject of health information. It is important to remember that PHI records are only covered by HIPAA when they are in the possession of a covered entity or business associate.
What is the difference between secured and unsecured PHI?
Unsecured PHI is any PHI that is not secured through a technology or methodology specified by HHS that renders the PHI unusable, unreadable, or indecipherable to unauthorized individuals. The only technologies or methodologies HHS has approved to secure PHI are encryption and destruction.
Any form of snooping involving PHI is illegal and is a violation. How does it happen in real life? Well, the California Pacific Medical Center in San Francisco had one such incident. A pharmacist employee had been inappropriately snooping on over 840 patients' medical data for an entire year.
Why is it called HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) was developed in 1996 and became part of the Social Security Act. The primary purpose of the HIPAA rules is to protect health care coverage for individuals who lose or change their jobs.
What does ePHI stand for?
Electronic protected health information (ePHI) is protected health information that is produced, saved, transferred or received in an electronic form. In the United States, ePHI management and security is covered under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.
What is the legal definition of a breach?
A breach is a violation of law or when a party fails to perform their part of a contractual agreement.
What are the three types of breaches?
In this article, we set out the three major breaches of contract that commonly occur.
- Material Breach. The first and most severe type of breach is a 'material' breach (also known as a 'fundamental breach'). ...
- Minor Breach. It is important to be clear that not all breaches of a contract will be material. ...
- Repudiation.
What is the 45 CFR security rule?
The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164.
What is Common Rule 45 CFR?
Federal Regulation 45 CFR 46 “Protection of Human Subjects”, referred to as the 'Common Rule', is an anchor regulatory text on which investigators and IRBs rely and must comply to protect human subjects in research.
What is the 45 CFR breach notification rule?
A covered entity shall, following the discovery of a breach of unsecured protected health information, notify each individual whose unsecured protected health information has been, or is reasonably believed by the covered entity to have been, accessed, acquired, used, or disclosed as a result of such breach.
What is 45 CFR good cause?
(a) Good cause for the late filing of a claim is lateness due to circumstances beyond the State's control. (b) Examples of circumstances beyond the State's control include: (1) Acts of God; (2) Documented action or inaction of the Federal government.