As a helpful reminder, clients need to be aware that the March 1, 2017 deadline for reporting 2016 HIPAA breaches is fast approaching. March 1, 2017 is the Deadline for Reporting 2016 HIPAA Breaches Affecting Fewer than 500 Individuals by Covered Entities to the OCR.
Each year, covered entities are required to file a report within 60 days of year end if the covered entity experienced a breach during the prior year affecting fewer than 500 individuals.
Breaches affecting 500 or more individuals must be reported by notifying the Secretary of the breach without unreasonable delay and in no case later than 60 calendar days from the discovery of the breach.
The OCR has indicated that is is placing a greater focus on breaches affecting fewer than 500 individuals, and will be investigating these matters and potentially issuing enforcement actions. It is important that covered entities carefully review the contents of their reports prior to filing.
We can answer questions or assist if needed with the breach reporting process. We are also available to address any of your clients’ HIPAA and privacy needs.