What is the term for the unauthorized acquisition or disclosure of PHI?

The term for the unauthorized acquisition or disclosure of Protected Health Information (PHI) is a breach. In the context of healthcare and HIPAA (Health Insurance Portability and Accountability Act), a breach refers to any access or disclosure of PHI that is not permitted under the privacy rules, which can lead to a risk of compromising the privacy and security of that information.

Breach is a critical concept because it has specific implications for entities handling PHI, including notification obligations to affected individuals and potentially regulatory scrutiny. Understanding that a breach indicates not just an unauthorized acquisition, but also a serious failure to protect sensitive health information emphasizes the importance of robust data safeguarding practices in healthcare settings.