The deadline for submitting notice of a breach affecting fewer than 500 individuals is just around the corner. If a breach of unsecured protected health information affects fewer than 500 individuals, a covered entity must notify the Secretary of Health and Human Services of the breach within 60 days of the end of the calendar year in which the breach was discovered. As a general rule of thumb, we recommend providing notice to the secretary as soon as possible, but no later than March 1, 2017.
Did you know we have tools that can assist you with determining if a breach occurred?
- In our forms section, you have access to a Breach Decision Tool. You should use this form when analyzing a potential HIPPA privacy or security breach. This form will assist you in documenting the required factors of a breach, and assist you in deciding whether breach notification is required under HIPAA.
- The Quick Reference Breach Checklist is another tool you can use to help determine what steps to take, when to report your suspicion of a HIPAA breach and how to mitigate it.
- Our online breach log allows you to log incidents and/or breaches that have occurred throughout the year. Additionally, you may elect to have a certified HCP professional review your submitted breach report for breach determination and breach mitigation services.
How to report your breaches to the Secretary of HHS
You may report all of your breaches affecting fewer than 500 individuals on one date; however, you must complete a separate notice for each breach incident. The notice must be submitted electronically. Click on Submit a Notice for a Breach Affecting Fewer than 500 Individuals and complete all the fields of the breach notification form. Remember, one report should be completed for each breach.
While we can’t complete the notification and attestation for you; we can provide assistance with the notification process. If you are already signed up for our breach determination and breach mitigation services, you may reach out to us for support during this process.
If you have any questions about providing notice to the Secretary please feel free to send us an email at firstname.lastname@example.org or reach us by phone at 855-427-0427.