The IT Law Wiki
Line 11: Line 11:
 
A '''breach''' is the
 
A '''breach''' is the
   
{{Quote|unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.<ref>Pub. L. No. 111-5, §13400(1). Not included in the definition of breach are any [[unintentional]] acquisition, use, or [[access]] of [[PHI]] by an [[employee]] or other [[authorized]] individual of a [[covered entity]] or a business associate done in [[good faith]] and within the scope of [[employment]] or the relationship where such [[information]] is not breached any further; or [[inadvertent disclosure]]s by authorized persons of [[PHI]] within the same facility; and [[information]] received as a result of such [[disclosure]] is not further [[disclose]]d without [[authorization]].</ref>}}
+
{{Quote|[[unauthorized]] acquisition, [[access]], use, or [[disclosure]] of [[protected health information]] which [[compromise]]s the [[security]] or [[privacy]] of such [[information]], except where an [[unauthorized]] person to whom such [[information]] is [[disclose]]d would not reasonably have been able to retain such [[information]].<ref>Pub. L. No. 111-5, §13400(1). Not included in the definition of breach are any [[unintentional]] acquisition, use, or [[access]] of [[PHI]] by an [[employee]] or other [[authorized]] individual of a [[covered entity]] or a business associate done in [[good faith]] and within the scope of [[employment]] or the relationship where such [[information]] is not breached any further; or [[inadvertent disclosure]]s by authorized persons of [[PHI]] within the same facility; and [[information]] received as a result of such [[disclosure]] is not further [[disclose]]d without [[authorization]].</ref>}}
   
 
=== Privacy law ===
 
=== Privacy law ===

Revision as of 04:58, 17 May 2012

Definitions

The term breach has different meanings in different contexts:

Contract law

See breach of contract

HITECH Act

A breach is the

unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.[1]

Privacy law

See data breach; data security breach

Security

See security breach

References

  1. Pub. L. No. 111-5, §13400(1). Not included in the definition of breach are any unintentional acquisition, use, or access of PHI by an employee or other authorized individual of a covered entity or a business associate done in good faith and within the scope of employment or the relationship where such information is not breached any further; or inadvertent disclosures by authorized persons of PHI within the same facility; and information received as a result of such disclosure is not further disclosed without authorization.