March 1st, 2022 is the deadline for breach reporting for HIPAA-covered entities and their business associates – and the date is fast approaching!
The HIPAA Breach Notification Rule requirement means that HIPAA-covered entities, as well as any of their business associates, notify the appropriate parties, including the Office for Civil Rights (OCR) Secretary of Health and Human Services of any breach of unsecured protected health information. This year, if a breach occurred in 2021 and affected 500 individuals or less, you have 60 days from the end of the calendar year to report it. That means that March 1st is your deadline – but you can report it any time before then as well.
It should be noted that the procedures for notifying all the required parties vary, and we have outlined those here in more detail.
How Should I Report This?
You can do this via the OCR’s breach portal, but there are reports of this being a time-consuming process, so we advise you not to wait until the last minute to get your information submitted. If you aren’t sure about how to go about this, or any other HIPAA compliance rules and regulations, we can help!
We discuss the Breach Notification Rule and the various components in more detail here, and can also provide you with additional HIPAA support services for your business should you have more questions or want to ensure that you are not only compliant but also cyber-secure! Contact us today!