Did your organization discover a HIPAA breach in 2018 that affected fewer than 500 people? If so, you have until March 1 to report the breach to the Office for Civil Rights ("OCR").
The HIPAA Breach Notification Rule requires covered entities to notify OCR of breaches of unsecured protected health information affecting fewer than 500 individuals within 60 days of the end of the calendar year in which the breach was discovered. This year, the deadline for such breaches discovered in 2018 is March 1, 2019.
Breaches can be reported online here. It's not possible to save reports before submitting them, so be prepared to fill out the full report and submit at the same time. You can see a sample of the report and the questions you'll be asked here. Note that if your organization discovered more than one breach in 2018 that affected less than 500 individuals, you must complete a separate report for each breach incident.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.