Imminent Deadline For Submitting Annual Notice of HIPAA Breach

Baker Donelson

Baker Ober Health Law

The deadline for submitting an annual notice of a Health Insurance Portability and Accountability Act (HIPAA) Breach to the Secretary of the Department of Health and Human Services (the Secretary) is quickly approaching.

Pursuant to the HIPAA Breach Notification Rule, covered entities are required to notify the Secretary upon discovery of a Breach of Unsecured Protected Health Information. Breach notification obligations differ based on whether the breach affects 500 or more individuals or fewer than 500.

Covered entities are required to notify the Secretary of breaches affecting more than 500 individuals without unreasonable delay and in no case later than 60 days from the date of discovery of the breach. There are several states which have shorter time frames and the notification to regulators essentially must occur at the same time as the notification to individuals.

For breaches affecting fewer than 500 individuals, while the notification to individuals is made without unreasonable delay or within 60 days of the date of discovery, notification to the Secretary has an extended reporting deadline. These breaches must be filed with the Secretary within 60 days of the end of the calendar year in which a breach was discovered. Thus, all breaches impacting fewer than 500 individuals that occurred in 2021 must be reported by March 2, 2022. They should be submitted on one date, but separate notices for each breach incident are required.

All breach notifications are required to be submitted to the Secretary using a web portal on the HHS website. Given the likely high volume of reports to be made on or about March 2 and past technical issues with portal availability, we strongly advise clients to consider notification as soon as possible and generally at least a week before the deadline.

Now is the time to review your HIPAA incident log and determine whether you have any reporting obligations based on privacy and/or security incidents that occurred in 2021.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Baker Donelson | Attorney Advertising

Written by:

Baker Donelson

Baker Donelson on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.