This tutorial provides an overview of the process for determining whether an impermissible access, use, or disclosure of an individual's protected health information constitutes a breach for which notification must be made under the Health Information Technology for Economic and Clinical Health Act breach notification rule. It also outlines who must receive notice of a breach, the required time frames for notification, and the required contents of breach notifications. Finally, it describes the extent of civil monetary penalties that may be imposed for different categories of violations of the Health Information Portability and Accountability Act of 1996 and highlights the enforcement activity of the Office for Civil Rights to date.
Patricia A. Markus, Esquire
Smith Moore Leatherwood LLP
Note: This tutorial was recorded on June 14, 2012, and published on November 1, 2012, so the information presented is current as of the recording date.