| These days it’s very important that one | | | | immediately, or for that matter the doctor |
| stays tuned to all the healthcare IT news doing | | | | returning the folder unused. |
| the rounds. So if you are not aware of what | | | | Secondly, in case of an inadvertent beach where |
| doesn’t count as a breach under the new | | | | for instance a nurse gives another nurse |
| HIPAA rules, you should try to educate yourself | | | | information that the second nurse shouldn’t |
| on it because when you do so, you will have a | | | | have, but there is no reasonable risk of further |
| good understanding of whether to report a | | | | use or misuse of the protected health information. |
| disclosure of unsecured protected health | | | | Here each party has authority to access |
| information. | | | | protected health information at the same location, |
| The rules cover the following four exceptions: | | | | but not necessarily the PHI at issue. |
| One exception is if it’s an unintended | | | | Thirdly, when a disclosure that occurs when the |
| acquisition, access or use of protected health | | | | covered entity has a good faith that an |
| information by a person with authority to handle | | | | unauthorized person would not retain the |
| protected health information who is acting in good | | | | information because in a follow-up call, the |
| faith. It’s also excluded if there’s no | | | | recipient agreed to destroy the fax. |
| further acquisition access or use of the protected | | | | Lastly, in case of disclosure, access or use of PHI |
| health information. For instance, if a nurse handed | | | | involving a limited data set that excludes both |
| a doctor the wrong patient folder but retrieved it | | | | birth dates and zip code information. |