Overview: The Health Insurance Portability and Accountability Act of 1996, otherwise known as HIPAA, requires Healthcare Covered Entities to conduct a Breach investigation when a patient’s record has been compromised. To meet the requirements of the Federal Government, each organization has to conduct a Breach Investigation. Sometimes there is a grey area as to whether a situation is a breach, but the law is very clear.
In January of 2013, the Government released the HIPAA Omnibus Final Rule, which changed the definition of a Breach and some of the definitions and requirements for Health Care Covered Entities. Every breach, regardless of how many individuals’ records have been affected, has to be reported to the Federal Government at some point in time. Depending on the circumstances, the Government may wish to conduct its own investigation of a breach.