Technical safeguards focus on protecting ePHI through technology. Encryption is a key technical safeguard to ensure ePHI is secure during transmission and storage. Workforce training (A) and risk assessments (D) are administrative safeguards, while physical records security (C) is a physical safeguard.
Under the HIPAA Breach Notification Rule, a breach involving unencrypted ePHI requires notification to affected individuals within 60 days, reporting to the Office for Civil Rights (OCR), and notification to the media if the breach affects more than 500 individuals. The lock status of the car is irrelevant since the ePHI was unencrypted, making the data potentially accessible.
Encryption is a technical safeguard under the HIPAA Security Rule, not a physical safeguard. Physical safeguards focus on protecting physical access to PHI, such as secured areas, locked cabinets, and monitoring through measures like security cameras.
This represents a failure of technical safeguards because access controls (e.g., role-based permissions) were insufficient to prevent unauthorized access to ePHI. Even if the nurse does not share the information, accessing a record without a legitimate reason is a HIPAA violation.
Please select 2 correct answers
To safeguard PHI on mobile devices:
Use encryption to ensure data security (A).
Install antivirus software and firewalls to prevent malware attacks (B).
Require strong passwords or biometric authentication to restrict access (C).
Allowing unrestricted use of personal devices (D) without proper safeguards increases the risk of unauthorized access and breaches.