[ Tuesday, January 27, 2015 ]


Reporting Breaches of Less Than 500 Individuals: Don't forget that for "small" breaches (those involving less than 500 people), even though you need not report to OCR at the same time you report to the patient, you must still report to OCR during the first 2 months of the next calendar year.  We are about halfway through that reporting period, so don't forget to log those minor breaches.

In other words, if you sent a breach notification to anyone in 2014, and did not at the same time notify OCR, then you need to do so now.  You may have sighed with relief that you did not need to notify OCR (and the media) at the time, and your notification now will not lead to a "wall of shame" posting, but you must still notify OCR.

You can do so by going here and following the link to "Breaches Affecting Fewer Than 500 Individuals."

Jeff [12:50 PM]

If you haven't used the breach reporting tool in a year (very likely), you may be surprised how much it has improved. Someone has really put some work into it.
Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template