According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?

CIPP-US V1 0 Comments

A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals.

According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?
A . Department of Health and Human Services
B . The affected individuals
C . The local media
D . Medical providers

Answer: D

Explanation:

https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html Following a breach of unsecured protected health information, covered entities must provide notification of the breach to affected individuals, the Secretary, and, in certain circumstances, to the media. In addition, business associates must notify covered entities if a breach occurs at or by the business associate.

Reference: https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf (page 6)

Latest CIPP-US Dumps Valid Version with 150 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CIPP-US PDF     CIPP-US Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments