Mitigation

From Clinfowiki
Revision as of 23:48, 25 November 2015 by Nneka.nwaeme (Talk | contribs)

According to the Federal Emergency Management Agency (FEMA), “mitigation is the effort to reduce loss of life and property by lessening the impact of disasters.” It involves taking immediate action to reduce adverse human and financial consequences. These actions include analyzing risk, reducing risk and insuring against risk. [1]

Under HIPAA’s privacy rule at 45 C.F.R. § 164.530(f), a covered entity must mitigate, to the extent possible, any harmful effects that are known to the covered entity and that result from a use or disclosure of personal health information (PHI) in violation of its own privacy policies and procedures or the Privacy Rule by the covered entity or its business associates. Therefore, mitigation is required, where feasible, for known harmful effects caused by the covered entity’s own workforce misusing or disclosing electronic PHI or by such misuse or wrongful disclosure by a health information organization that is a business associate of the covered entity. While appropriate steps to mitigate harm caused by an improper use or disclosure in an electronic environment will vary based on a sum of the circumstances, some mitigation steps to consider include: [2]

  • Identifying the cause of the violation and amending privacy policies and technical procedures, as necessary, to guarantee it does not happen again;
  • Contacting the network administrator, as well as other potentially affected entities, to try to salvage or otherwise limit the further distribution of improperly disclosed information;
  • Notifying the individual of the violation if the individual needs to take self-protective measures to ameliorate or avoid the harm, as in the case of potential identity theft.

References

  1. https://www.fema.gov/what-mitigation
  2. http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/healthit/accountability.pdf