What is considered a breach of HIPAA?

breach is an impermissible use or disclosure (under the Privacy Rule) that compromises the security or privacy of the protected health information.
An impermissible use or disclosure of protected health information is presumed to be a
breach unless the covered entity or business associate, as applicable, demonstrates that there
is a low probability that the protected health information has been compromised based on a
risk assessment of at least the following factors:

  1. The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;
  2. The unauthorized person who used the protected health information or to whom the disclosure was made;
  3. Whether the protected health information was actually acquired or viewed; and
  4. The extent to which the risk to the protected health information has been mitigated.


For questions or concerns, contact us via the following:
  • Chatbox/window on your Complete Compliance Suite screen.
  • Telephone: 877-560-4261
  • Email: support@epicompliance.com