Annual Breach Reporting Deadline Looms

Smaller Incidents Must Be Reported Soon
Annual Breach Reporting Deadline Looms

With the approaching end of February comes an important annual deadline: The HITECH Act requires submission of reports about smaller healthcare information breaches to federal authorities within 60 days of the end of the calendar year.

See Also: Live Discussion | Securing Business Growth: The Road to 24/7 Threat Detection and Response

HIPAA covered entities - including hospitals, physician groups, health plans and claims clearinghouses - must report smaller breaches annually to the Department of Health and Human Services' Office for Civil Rights. Smaller breaches are defined as those affecting fewer than 500 individuals. Larger breaches must be reported to OCR within 60 days. And all breaches must be reported to the individuals affected within 60 days.

Instructions on how to notify OCR about breaches of any size are available on the agency's website. Also available is a form for submitting breach notices.

In an annual breach report submitted to Congress last September, OCR reported that about 62,000 individuals were affected by more than 30,500 smaller breach incidents between September 2009, when an interim final version of the HIPAA breach notification rule took effect, and the end of 2010. About 7.8 million individuals were affected by 252 major breaches during that period.

As of Feb. 9, OCR's running tally of major health information breaches since September 2009 stood at 392 incidents affecting more than 19 million individuals.

An omnibus set of regulations, including a final version of the HIPAA breach notification rule, is long overdue, and federal officials have not revealed when the regulations are likely to be published. Meanwhile, the interim final version of the breach rule remains in effect.

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.