Which of the following is a Covered Entity not required to do in response to a breach?

All breaches of PHI, regardless of scale, must be reported to OCR (Office of the Civil Rights).

A _______ is an impermissible use or disclosure under the Privacy Rule that compromises the security or the privacy of the protected health information.

The key determining factor of how to report is whether the number of patient records involved was more or less than 500.

Can the Covered Entity outsourced the execution of the breach notification?

Patients must be notified within 45 days of when the Covered Entity knew about, or should have known about the breach.

Which, of the following, is an example of a breach?

A Covered Entity must notify each patient in writing of a breach is one of the “Requirements of Notification.”

Massive Breaches of PHI must be reported to?

The HIPAA Breach Notification Rule requires HIPAA Covered Entities and Business Associates to provide notification following a breach of unsecured protected health information.

If more than 500 records were impacted, how many days after a breach must a covered entity notify HHS that a breach has occurred?

Improper disposal of old patient’s charts with personal information in it is considered a breach.

Which of the following statement is TRUE?

The purpose of the Breach Notification Rule is to define how and when a Covered Entity must report a breach of PHI

Is the Covered Entity responsible for the notification if a breach occurred?

The following are the examples of breaches except one. Choose the one that isn’t an example of a breach.

The purpose of the Breach Notification Rule is to define how and when a Covered Entity must report a breach of PHI