Decision Tree: Breach Notification
The following is a simplified illustration of some of the steps that a dental practice would take to determine how to respond to a suspected breach of patient information. This tool uses terms such as unsecured, breach, and PHI, which are defined in regulations. For more information, see The ADA Practical Guide to HIPAA Compliance Manual, or visit www.hhs.gov/ocr/privacy.
*This decision tree follows the compromise standard, which is effective March 26, 2013 (covered entities must comply by September 23, 2013). The compromise standard replaces the harm standard in the 2009 Breach Notification Interim Final Rule.
The foregoing was prepared by the ADA Division of Legal Affairs. Its purpose is to promote awareness of legal issues that may affect dentists and dental practices. This document is not intended to provide either legal or professional advice, and cannot address every federal, state, and local law that could affect a dentist or dental practice. Because the law varies from jurisdiction to jurisdiction, and sometimes changes more rapidly than these materials, we make no representations or warranties of any kind about the completeness, accuracy, or any other quality of the information in the above piece. Nothing here represents advice or opinion as to any particular situation you may be facing; for that, it is necessary to consult directly with a properly qualified professional or with an attorney admitted to practice in your jurisdiction for appropriate legal or professional advice. To the extent the above includes links to any websites, the ADA intends no endorsement of their content and implies no affiliation with the organizations that provide their content. Nor does the ADA make any representations or warranties about the information provided on those sites, which we do not control in any way.
© 2013 American Dental Association. All Rights Reserved.
Revised June 7, 2013