Handle a Security Breach with These Tools from PAMED

Medical practices have new responsibilities if a patient’s unsecured protected health information (PHI) is released without consent.  

Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, practices are now required to notify patients if the security of their unsecured PHI is breached. Patients do not need to be notified if secured PHI is released. 

Read this article for more information on what is defined as a security breach. 

The tools below will help you notify patients of a breach and offer more information on securing PHI. Tools require Microsoft Word or Adobe Acrobat Reader.

Tools

Description
Breach Notification Letter  A sample letter that can be sent to patients if their PHI has been breached. 
Breach Notification Policy  A sample policy in case of a breach notification. Practices are now required to maintain such a policy. 
Breach Resources for Patients  Resources  on security breaches that can be provided to patients. This is now required in the event of a PHI breach. 
Guide to IPsec VPNs  Standards for securing PHI over a public network 
Guidelines for Media Sanitization  Standards for deleting PHI from information systems. 
Selection and Use of Transport Layer Security Standards on transport layer security (TLS), which protects information that is transferred over the Internet.

Get more tools on complying with privacy requirements and business associate agreements.

Add Your Comments


The Pennsylvania Medical Society encourages lively debate, but please behave courteously and responsibly. Comments that include profanity, personal attacks (including language that could potentially identify an individual), or any other inappropriate, offensive, or illegal material will be removed. For more information, please see our Terms of Use. We do not answer legal questions on line. Members seeking general information about laws and regulations affecting medical practice may call our member resource line, (800) 228-7823.

Display name as (optional):

Comments (max 2000 characters):




Comments: 0



Last Updated: 6/15/2010
From: 
Email:  
To: 
Email:  
Subject: 
Message: