Breach: The term ‘breach’ means the unauthorized acquisition, access, use, or disclosure of PHI which compromises the security, privacy, or integrity of the health information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information. The HITECH Act clarifies that an unauthorized activity compromises the privacy or security of PHI or electronic PHI if it poses a significant risk for financial, reputational, or other harm to the individual.

Discovered: A breach of PHI or electronic PHI will be deemed ‘discovered’ as of the first day the Department's workforce member knows of the breach, or, by exercising reasonable diligence, would or should have known about the breach.

Protected Health Information (PHI): PHI is individually identifiable information relating to the past, present, or future physical or mental health or condition of an individual, provision of health care to an individual, or the past, present, or future payment for health care provided to an individual.

Unauthorized Acquisition, Access, or Disclosure: The terms ‘Unauthorized Acquisition’, ‘Access’, or ‘Disclosure’ of PHI mean that the acquisition, access, or disclosure was done in a manner not permitted by the HIPAA Privacy Rule or DMH policy.

Unsecured Protected Health Information: This concept means PHI that is not secured by a technology or methodology standard (as specified in the guidance issued by the Department of Health and Human Services) that renders PHI unusable, unreadable, or indecipherable to unauthorized individuals.

Workforce: Includes employees, volunteers, trainees, and other persons whose work performance is under the direct control of DMH, whether they are paid or not.