Reminder: Notice of 2017 small HIPAA breaches due to HHS soon

Bricker Graydon LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Bricker & Eckler LLP

The deadline to submit notice to the Department of Health and Human Services (HHS) of small HIPAA breaches (those that affected fewer than 500 individuals) discovered in calendar year 2017 is March 1, 2018.

The applicable HIPAA regulation (45 CFR 164.408(c)) provides:

For breaches of unsecured protected health information involving less than 500 individuals, a covered entity shall maintain a log or other documentation of such breaches and, not later than 60 days after the end of each calendar year, provide the notification required by paragraph (a) of this section for breaches discovered during the preceding calendar year, in the manner specified on the HHS web site.

Notice of such breaches should have already been sent to the affected individuals. However, if covered entities waited to notify HHS, they should submit notices soon. Breaches are to be reported using the HHS website.  

Covered entities face additional penalties for failing to report breaches in a timely manner. And, it should be noted that HHS audited for compliance with notice requirements as part of its Phase 2 audits.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bricker Graydon LLP | Attorney Advertising

Written by:

Bricker Graydon LLP
Bricker Graydon LLP
Contact
more
less

Bricker Graydon LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide