The deadline for breach submission affecting fewer than 500 individuals is just around the corner. If a breach of unsecured protected health information affects fewer than 500 individuals, a covered entity must notify the Secretary of Health and Human Services about the breach within 60 days of the end of the calendar year in which the breach was discovered. As a general rule, we recommend providing notice to the secretary as soon as possible, but no later than March 1.
Did you know we have tools that can assist you with determining if a breach has occurred?
- In our forms section, you have access to a Breach Decision Tool. You should use this form when analyzing a potential HIPAA privacy or security breach. This form will help you understand what documentation is required and determine whether breach notification is required under HIPAA Security Rules.
- The Quick Reference Breach Checklist is another tool you can use to help when reporting.
- Our online breach log allows you to log incidents and/or breaches that have occurred throughout the year. Additionally, you may elect to have a certified HCP professional review your submitted breach report for breach determination and mitigation services.
How to report incidents to the Secretary of HHS
You may report all breach incidents affecting fewer than 500 individuals by the due date, but you must also complete a separate notice for each incident. The notice must be submitted electronically. Click on Submit a Notice for a Breach Affecting Fewer than 500 Individuals and complete all the fields of the breach notification form. Remember, one report should be completed for each breach.
While we can't complete the notification and attestation for you; we can provide assistance with the notification process. If you are already signed up for our breach determination and breach mitigation services, you may reach out to us for support during this process.
If you have any questions about the HIPAA Security Rule, or breach incidents, please feel free to reach out firstname.lastname@example.org, or reach us by phone at 855-427-0427.