TRENDING:

Annual Breach Reporting Deadline Looms

Smaller Incidents Must Be Reported Soon Howard Anderson (ismg_editor) • February 9, 2012    
Annual Breach Reporting Deadline Looms

With the approaching end of February comes an important annual deadline: The HITECH Act requires submission of reports about smaller healthcare information breaches to federal authorities within 60 days of the end of the calendar year.

See Also: Embracing Digital Risk Protection: Take Your Threat Intelligence to the Next Level

HIPAA covered entities - including hospitals, physician groups, health plans and claims clearinghouses - must report smaller breaches annually to the Department of Health and Human Services' Office for Civil Rights. Smaller breaches are defined as those affecting fewer than 500 individuals. Larger breaches must be reported to OCR within 60 days. And all breaches must be reported to the individuals affected within 60 days.

Instructions on how to notify OCR about breaches of any size are available on the agency's website. Also available is a form for submitting breach notices.

In an annual breach report submitted to Congress last September, OCR reported that about 62,000 individuals were affected by more than 30,500 smaller breach incidents between September 2009, when an interim final version of the HIPAA breach notification rule took effect, and the end of 2010. About 7.8 million individuals were affected by 252 major breaches during that period.

As of Feb. 9, OCR's running tally of major health information breaches since September 2009 stood at 392 incidents affecting more than 19 million individuals.

An omnibus set of regulations, including a final version of the HIPAA breach notification rule, is long overdue, and federal officials have not revealed when the regulations are likely to be published. Meanwhile, the interim final version of the breach rule remains in effect.

Previous
Police Exchange E-mails with Hackers in Sting
Next
A Career in Forensics: 5 Key Steps

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.