View all text of Subchapter III [§ 17921 - § 17953]
§ 17921. DefinitionsIn this subchapter, except as specified otherwise:
(1) Breach
(A) In general
(B) ExceptionsThe term “breach” does not include—
(i) any unintentional acquisition, access, or use of protected health information by an employee or individual acting under the authority of a covered entity or business associate if—(I) such acquisition, access, or use was made in good faith and within the course and scope of the employment or other professional relationship of such employee or individual, respectively, with the covered entity or business associate; and(II) such information is not further acquired, accessed, used, or disclosed by any person; or
(ii) any inadvertent disclosure from an individual who is otherwise authorized to access protected health information at a facility operated by a covered entity or business associate to another similarly situated individual at 1
1 So in original. Probably should be followed by “the”.
same facility; and(iii) any such information received as a result of such disclosure is not further acquired, accessed, used, or disclosed without authorization by any person.
(2) Business associate
(3) Covered entity
(4) Disclose
(5) Electronic health record
(6) Health care operations
(7) Health care provider
(8) Health plan
(9) National Coordinator
(10) Payment
(11) Personal health record
(12) Protected health information
(13) Secretary
(14) Security
(15) State
(16) Treatment
(17) Use
(18) Vendor of personal health records
(Pub. L. 111–5, div. A, title XIII, § 13400, Feb. 17, 2009, 123 Stat. 258.)