HIPAA Breach Reporting Rules Deadline Approaches

HIPAA Breach Reporting Rules Deadline Approaches


Published: February 11th, 2021

The HIPAA Breach reporting deadline is less than a month away. Which means any breaches involving 500 individuals or less must be reported to the U.S. Department of Health and Human Services (HHS) no later than Monday, March 1, 2021.

What is a Data Breach? A data breach is considered the impermissible use or disclosure of protected health information. Breaches include unauthorized access by employees and third parties, improper disclosures, the exposure of protected health information and ransomware attacks.

According to the HIPAA Breach Notification Rule, all covered entities and their business associates are required to report any breach of protected health information. It is essential to understand and implement all breach notification requirements or risk incurring financial penalties from the state attorneys general and the HHS’ Office for Civil Rights. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to the standards demanded by HIPAA.

Breach Affecting Less than 500 Individuals

Covered entities are required to report any breaches affecting less than 500 individuals. They are not required to wait until the end of the year and may report them when they are discovered. The covered entity must submit the notice electronically through the link provided below.

Breaches Affecting 500 or More Individuals

For any breaches of unsecured protected health information that affects 500 or more individuals, a covered entity must notify the Secretary of the breach without unreasonable delay and in no case later than 60 calendar days from the discovery of the breach.

Attached is the link for the HHS designated portal:

https://ocrportal.hhs.gov/ocr/breach/wizard_breach.jsf?faces-redirect=true

If you have any questions, you may call HHS OCR toll-free at: 1-800-368-1019, TDD: 1-800-537-7697 or send an email to OCRPrivacy@hhs.gov.

 

For further information or assistance on breach notification requirements, contact the experts at MedSafe for a free consultation. MedSafe is the nation's leading one-stop resource for outsourced safety and health compliance solutions in healthcare.

Toll-free: (888) MED-SAFE

www.medsafe.com