Which of the following is considered a breach of PHI?

The situation where a patient's attorney is sent records not authorized by that patient is considered a breach of Protected Health Information (PHI) because it involves the unauthorized disclosure of sensitive patient information. Under the Health Insurance Portability and Accountability Act (HIPAA), PHI is defined as any identifiable health information that is transmitted or maintained in electronic, oral, or written form. When records are sent to an attorney without the proper consent or authorization from the patient, it goes against the legal protections in place to ensure patient privacy and confidentiality.

It's vital for healthcare providers and their employees to maintain strict adherence to laws concerning the sharing of patient information. Unauthorized disclosures can lead to significant compliance issues for organizations and can result in penalties. In contrast, the other scenarios do not meet the threshold for a breach in the same way. For instance, if a nurse sees another patient's record by accident, it could be classified as an error or breach of protocol, but that does not typically involve a disclosure of PHI to an external party.