Best practices for handling large-scale HIPAA breaches in research

Emmelyn Kim (ekim@northwell.edu) is Assistant Vice President, Research Compliance & Privacy Officer at The Feinstein Institute for Medical Research, Northwell Health in Great Neck, NY. Cynthia Hahn (chahn@intresearchstrategy.com) is President of Integrated Research Strategy, LLC in East Northport, NY.

Research organizations that are considered covered entities as defined by the Health Insurance Portability and Accountability Act (HIPAA) must establish effective programs that regularly evaluate and mitigate HIPAA Privacy and Security risks. The advancement of technologies requires entities to deploy increasingly sophisticated strategies to effectively monitor and secure their information to minimize exposure. Although many covered entities have developed programs to mitigate these risks, they continue to experience breaches as a result of hacking or IT incidents, improper disposal, loss, unauthorized access or disclosure, or theft.[1] Covered entities should be prepared to investigate and handle any HIPAA breach notifications that may arise (including those from business associates) to ensure prompt reporting to the Office for Civil Rights (OCR) and applicable research-related regulatory authorities, sponsoring agencies, and any affected research participants within specified time periods. Large-scale breaches that impact more than 500 individuals call for additional steps, which require a response team to effectively meet the requirements of the HIPAA Breach Notification Rule under the Health Information Technology for Economic and Clinical Health (HITECH) Act.[2] This article highlights best practices and practical planning considerations for research organizations to effectively handle large-scale breaches.
