Only $2.99/month

Terms in this set (103)

ANSWER: A. The pharmacy is a covered entity, and a covered entity must prominently post and make
ava ilab le its notice on any website it maintains that provides information about its customer services or benefits. HIPAA complaints should be lodged with the Off ice for Civil Rights at the Department of Health and Human Services. The pharmacy must also notify Katie of the breach. This individual notificat ion must be provided without unreasonable delay and in no case later than 60 days following the discover y of the breach and must include, to the extent possible, (1) a brief descript ion of the breach, (2) a description of the types of information that were involved in the breach,
(3) the steps affected individuals should take to
protect them selves from potential harm, (4) a brief description of what the covered entity is doing to investigate the breach, mitigate the harm, and prevent further breaches, and (5) contact information for the pharmacy. Covered ent it ies that experience a breach affecting more than 500 residents of a state or

jurisdiction are, in addition to notifying the affected individuals, required to provide notice to prominent media outlets serving the state or jurisdiction. In addition to notifying affected individuals and the media (where appropriate), covered entities must notify the Secretary of HSS regardless of the size of the breach. If the breach affects 500 or more individuals, covered entities must notify the Secretary without unreasonable delay and in no case later than 60 days following the breach. If, however, a breach affects fewer than 500 individuals, as occurred with Katie's insurance identification card, the covered entity only needs to notify the Secretary of such breaches on an annual basis.