HIPAA Blog

[ Tuesday, February 22, 2022 ]

Annual "small breach" reporting deadline is approaching: As you should know if you're reading this blog, when you have a breach of unsecured PHI that affects 500 or more people, you have to report to HHS, as well as local media, when you report to affected individuals. When you have a breach of less than 500, you still must provide notice to the individual, but there is no immediate reporting requirement to HHS and local media. But, for those small breaches, you do have to make an annual reporting to HHS.

The "small breach" reporting requirement is that you report all small breaches by the end of February the next calendar year. Thus, you need to report all small 2021 breaches by Monday, 2/28

Reporting to HHS is easy; you can find the reporting forms for both large and small breaches here.

Hat tip: thanks to Rebecca L. Williams and Amy Kabaria of Davis Wright Tremaine for the reminder.

Jeff [6:26 AM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template