Under the HIPAA Omnibus Final Rule, a breach is presumed following every impermissible use or disclosure of Protected Health Information (PHI). Covered entities and business associates must demonstrate, through a properly conducted and documented risk assessment, that there is a low probability of compromise of the affected data/PHI.
Srini Kolathur, HITPro, CISSP, CISA, CISM, MBA is a result-driven leader. Srini has several years of experience in helping companies effectively comply with regulatory compliance requirements including SoX, PCI, HIPAA, etc. Srini believes in and advocates a best-practices-based security and compliance program to achieve business objectives.