Catherine Boerner (cboerner@boernerconsultingllc.com), President of Boerner Consulting LLC in New Berlin, WI.
I thought it would be a good time to write about privacy breach risk assessments. I often find that as there is turnover in the compliance department, privacy professionals may need a refresher on how to think about and analyze privacy breaches when performing breach risk assessments. A privacy breach may or may not be a “reportable” breach, meaning one that must be reported to the patient and the Office for Civil Rights. It is important to remember that an impermissible use or disclosure of protected health information (PHI) is presumed to be a breach unless the covered entity or business associate demonstrates that there is a low probability that the PHI has been compromised.