[ Tuesday, January 27, 2015 ]
Reporting Breaches of Less Than 500 Individuals
Jeff [12:50 PM]
: Don't forget that for "small" breaches (those involving less than 500 people), even though you need not report to OCR at the same time you report to the patient, you must still report to OCR during the first 2 months of the next calendar year. We are about halfway through that reporting period, so don't forget to log those minor breaches.
In other words, if you sent a breach notification to anyone in 2014, and did not at the same time notify OCR, then you need to do so now. You may have sighed with relief that you did not need to notify OCR (and the media) at the time, and your notification now will not lead to a "wall of shame" posting, but you must still notify OCR.
You can do so by going here
and following the link to "Breaches Affecting Fewer Than 500 Individuals."
Blogger: HIPAA Blog - Edit your Template