HIPAA Housekeeping - Don't Forget Your Annual Report of Small Breaches


If you are a "covered entity" under the Health Insurance Portability and Accountability Act ("HIPAA") and suffer a breach of protected health information, one of your first reactions should be to count the number of affected individuals, in order to determine whether you must report the breach to the HIPAA enforcement agency (the US Department of Health and Human Services Office for Civil Rights, or "OCR") at the same time you notify the affected individuals. If the breach involves 500 or more individuals, you must report the breach to OCR at the same time, and your entity's name will appear on OCR's "Wall of Shame" of "large" breaches.

However, you aren't entirely relieved of notifying OCR just because the breach involves fewer than 500 individuals; rather, every covered entity is required to report each "small" breach within 60 days of the end of the calendar year in which the breach occurred. In other words, before March 1 of this year, covered entities should review their HIPAA records from last year and determine if they had any reportable breaches and, if so, report those breaches to OCR.

Reporting small breaches is relatively easy and painless, but each breach can take 10 minutes or more to input on the form provided on OCR's website, which can be found HERE. Once at that website, click on "Breaches Affecting Fewer than 500 Individuals," then click on "Submit Notice of a Breach Affecting Fewer than 500 Individuals."

Topics:  Compliance, Covered Entities, Enforcement, Healthcare, HHS, HIPAA, OCR

Published In: Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jackson Walker | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »