Q: We’ve had a breach of unsecured PHI regarding an out-of-state patient. What is your recommended first step in terms of which breach notification laws—state vs. federal—we need to comply with?
Q: If you discover that you have accidentally accessed a patient’s information on your facility’s computer system, what’s the best course of action? Who should you notify first? Are you at risk of being in trouble if you looked at the information before realizing the error?