Tomorrow, March 1, 2019, is the deadline for reporting small data breaches (<500) that occurred in calendar year 2018 to the Department of Health and Human Services’ Office for Civil Rights (OCR).
Any HIPAA-covered entities and their business associates are required by the HIPAA Breach Notification Rule to, at least once yearly, report data breaches of fewer than 500 individuals to OCR on or before 60 days after the end of the prior calendar year (March 1). Breaches of over 500 individuals must be reported to the OCR at the same time as patients and the media are notified.
Breaches can be reported online here. Contact your attorneys at The Health Law Partners for assistance reporting, or evaluating if you need to report.