HIPAA Security Breach Report

This checklist has been designed to be used when there is a security breach exposing protected information of patients (PHI or ePHI). The HIPAA Security Rule requires the protection of all PHI of patients and strict protocols are to be followed in the event of any breaches.




Basic Details

1. Company Name



2. Company Address



3. Head of IT Security - Name



4. Are you the covered entity or a business associate?


Identification

1. Provide a concise summary of how the breach was initially discovered (this should be written by the individual who discovered the breach, or transcribed as it is described verbally).



2. State the nature and extent of the PHI involved



3. Detail the nature and extent of the PHI involved.



4. Details of the unauthorized person to whom the disclosure was made (name and other details).



5. Was the PHI acquired or viewed by the unauthorized person?



6. Were 500 or more individuals affected by the breach?



7. If a breach of unsecured protected health information affected 500 or more individuals, was the Secretary notified of the breach by the covered entity without unreasonable delay and in no case later than 60 calendar days from the discovery of the breach?



8. For breaches affecting fewer than 500 individuals, a covered entity is not required to wait until the end of the calendar year to report and may report such breaches at the time they are discovered.


Risk Mitigation Measures

1. Detail the extent to which the risk to the PHI has been mitigated.



2. What measures have been taken to minimize damage as a result of the breach?



3. To what extent has the risk of damage been mitigated?


Reporting

1. Was the covered entity notified within 60 days of discovering the breach?



2. Were affected individuals informed regarding the breach either by the covered entities or the assigned business associates?



3. Please enter details regarding how and when the covered entity was notified.



4. When was the notice filed to the Secretary of the HHS?



5. Did the covered entity submit the notice electronically, completing all of the fields of the breach notification form?



6. File the notice to the Secretary of the HHS (within 60 days)



7. The covered entity must submit the notice electronically by clicking on the link below and completing all of the required fields of the breach notification form.


Final Steps

1. Ensure all of the breach documentation is safely stored.



2. What measures have been taken to ensure safe storage of breach documentation?




Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.
