HIPAA Security Incident Definition

A HIPAA security incident involves the failure of security controls to work as intended..  

There are several examples of what could be considered as a HIPAA incident.

For instance, a computer getting a virus (anti-virus should have caught it), a hard drive failing (the hardware should have predicted it) or a person using old, unnecessary access to systems (the helpdesk should have turned it off). 

All breaches start as security incidents for HIPAA, but most HIPAA incidents don’t escalate to breaches.