For Example:

Yes. When mistakes result in a disclosure of PHI to an unauthorized person, you MUST account for that in the database.


Susan must also report the accidental disclosure to her Privacy Officer.