Decision Tree: Breach Notification
The following is a simplified illustration of some of the steps that a dental practice would take to determine how to respond to a suspected breach of patient information. This tool uses terms such as unsecured, breach, and PHI, which are defined in regulations. For more information, see The ADA Practical Guide to HIPAA Compliance Manual, or visit www.hhs.gov/ocr/privacy.
*This decision tree follows the compromise standard which is effective March 26, 2013 (covered entities must comply by September 23, 2013). The compromise standard replaces the harm standard in the 2009 Breach Notification Interim Final Rule.