The first of several new HIPAA rules went into effect Sept. 23 that require patient and Health and Human Services notification following the discovery of a breach of unsecured protected health information (PHI).
Any time a suspected privacy or information security violation occurs, faculty and staff should immediately notify:
- Privacy officers Sheila Wrobel (559-6767 or swrobel@unmc.edu) or Deb Bishop (559-5136 or dbishop@unmc.edu);
- Information security officer Sharon Welna (559-2545 or swelna@unmc.edu); or
- The ITS help desk (559-7700).
The privacy office will further investigate suspected violations to determine if patient notification is required and send notification accordingly.
The types of violations that would likely require patient/HHS notification include:
- The loss of an unencrypted laptop or thumb drive that contains PHI;
- Misdirected mail, e-mail or faxes with PHI to a non-health care related facility or individual; and
- Workforce members who intentionally access medical records of friends, family or others without a job-related need to know such information.
HIPAA enforcement has increased nationally. Federal prosecutors in several other states have recently filed criminal charges against health care workers for improperly accessing patient information.
For more information, contact the privacy office at 559-6767.