HITECH Data Breach Reporting Deadline Approaches

It’s time for mandatory data breach reporting to the Office of Civil Rights (“OCR”) under The Health Information Technology for Economic and Clinical Health Act (“HITECH”) and the interim/final breach notification rules.  Yes, it’s February – time for Valentines, cold and snow (in the Northeast anyway), but most importantly, HITECH requires regulated entities (“covered entities”) to report smaller-scale data breaches (those affecting fewer than 500 individuals) to OCR.  These breach reports are due within 60 days following the end of the calendar year in which the breach occurred.   So, covered entities that experienced a breach or breaches involving fewer than 500 individuals in 2011 should make any required reports to OCR by the end of February.  If you are a covered entity with HITECH reporting obligations, the following resources may be helpful: 

*Instructions for notifying OCR of breaches affecting fewer than 500 individuals; and

*Form for submitting notice to OCR.

Even if you did not experience a reportable breach, it is helpful to review the notification form and to become familiar with the type of information that must be gathered and reported in the event of a data breach.  If you have questions about your reporting obligations, the reporting process or HIPAA compliance in general, contact Dianne Bourque, Daria Niewenhous, or the Mintz Levin attorney who generally assists you.

Please see full article below.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mintz Levin - Health Law & Policy Matters | Attorney Advertising

Written by:


Mintz Levin - Health Law & Policy Matters on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.