|
|
|
|
|
|
by bad416f1f5a2
1303 days ago
|
|
|
Pro tip: https://www.hopkinsmedicine.org/institutional_review_board/h... The breach notification to HHS typically comes from the covered entity. They often have the information on exactly what PHI was out there, how many individuals were impacted, and can provide the right info to HHS. And with my experience in healthcare IT, I can say privacy and compliance officers take reports like this incredibly seriously. Those might not be the right people but getting an email to compliance folks inside the covered entity and saying “here’s a likely breach” will absolutely get the ball rolling. |
|
|