Under the HIPAA Breach Notification Rule, what is the presumption when an impermissible use or disclosure of PHI occurs?
-
A
The event is presumed to be a security incident requiring criminal referral
-
B
The event is presumed to be a breach unless the covered entity demonstrates low probability of PHI compromise
-
C
The event requires immediate notification to all affected individuals
-
D
The event is presumed harmless unless the patient files a complaint