HIPAA Huddle

Published October 24, 2017
The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities to provide notification following a breach of unsecured protected health information annually for those effecting less than 500 individuals and because of this Rule, CAO is required to report any breaches that occurred this year that have affected less than 500 individuals by February 28, 2018.

Each Care Center is asked to submit to Corporate Compliance their breach logs by COB January 15, 2018.

If no breach occurred, please submit a breach log with, “no breach occurrences” written across the form.

DOWNLOAD the Breach Notification Log

Notice to the Secretary:

“In addition to notifying affected individuals and the media (where appropriate), covered entities must notify the Secretary of breaches of unsecured protected health information. Covered entities will notify the Secretary by visiting the HHS web site and filling out and electronically submitting a breach report form. If a breach affects 500 or more individuals, covered entities must notify the Secretary without unreasonable delay and in no case later than 60 days following a breach. If, however, a breach affects fewer than 500 individuals, the covered entity may notify the Secretary of such breaches on an annual basis. Reports of breaches affecting fewer than 500 individuals are due to the Secretary no later than 60 days after the end of the calendar year in which the breaches are discovered.”

Source: HHS

https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html

Back to Newsletter