Information Intersection > Troutman Sanders LLP

HIPAA Breach Notification Deadline Fast Approaching

Posted: February 9, 2017

This is a friendly reminder to all covered entities that, by March 1, 2017, they must report to the Secretary of Health and Human Services any breaches of unsecured protected health information (PHI) that were discovered in 2016 and involved fewer than 500 individuals.

As most, if not all, covered entities know, HIPAA requires covered entities to report all breaches of unsecured PHI to the Secretary. The timeline for reporting, however, differs depending on the scope of the breach.

For any breach affecting more than 500 individuals, the Secretary must be notified without unreasonable delay and in no case later than 60 calendar days from the discovery of the breach.

For breaches involving fewer than 500 individuals, a covered entity must keep a log of these events and report them annually to the Secretary. This annual report must be filed within 60 days following the end of the year and should include all reportable breaches that were discovered in the prior year.

Breaches discovered in 2016 and involving fewer than 500 individuals should be reported to the Secretary through the Office of Civil Rights Breach Portal no later than March 1, 2017.

Should your organization need further advice or assistance, the Troutman Sanders LLP Healthcare team is ready and able to help. Do not hesitate to contact either Steve Gravely or Erin Whaley.


There are no comments yet...

Kick things off by filling out the form below.

Leave a Comment

´╗┐Confirm that you are not a bot - select a man with raised hand: