" vulnerability Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘vulnerability’

HIPAA and Heartbleed … Are you automatically in breach?

Tuesday, April 15th, 2014

Under the HIPAA Privacy Rule, a breach is defined as:

Breach means the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information.

Based on this definition, merely having been vulnerable to a security exploit (e.g. Heartbleed) does not constitute a beach and does not trigger breach notification law.

So — just because you used a system that was vulnerable to Heartbleed, does not mean that a breach occurred or that any type of reporting is needed. ¬†Imagine if it did … practically everyone would have to report and that would overwhelm Health and Human Services!

Read the rest of this post »