HIPAA toolbox: determining whether to report or not to report

HIPAA Toolbox

This tool is designed to provide guidance for Covered Entities (CEs) and Business Associates (BAs) in analyzing the risk that Protected Health Information (PHI) was compromised such that reporting is required under HIPAA. The contents of this tool are based on federal guidance and law in effect as of the above date. Each situation may have important distinctions not addressed below, and should be analyzed by attorneys familiar with current state and federal law.