A few thoughts on HIPAA
Real case scenario. A health care provider’s car gets broken into and private health information (“PHI”) is stolen, along with other items. Next steps? Once the provider determines that a breach of unsecured PHI has occurred (an incidental disclosure of PHI does not constitute a breach), the provider should perform a risk assessment to determine whether the event poses a significant risk of financial, reputational or other harm to the patient.