The Health Insurance Portability and Accountability Act, or as it is commonly known as HIPAA, was created to set standards nationally. These are in place to protect the personal health information and medical records of individuals as well as give them access easily. As the March 1st deadline for reporting a breach draws closer, knowing if you need to report, what you need to report, and how to do it properly, are all important.
How Do I Know If I Have to Report an Incident?
If you have a breach that has affected 500 or more individuals, you need to report it within 60 days of the discovery of the incident. Breaches that affect less than 500 patients must be reported within 60 days of the end of the year that the breach occurred. So, if you had a breach in February of 2021, and that affected the data of 350 individuals, you have until March 1, 2022, to report it to the Department of Health and Human Services (HHS). One caveat to note, regardless of the size of the breach, all affected individuals must be notified within 60 days of the discovery of the breach. That notification can come in the form of a breach notification letter which outlines the details and how they can monitor their information.
What Do I Need to Know for the HIPAA Breach Notification Form?
- Is this an initial report, or addendum
- You will be asked if you are a covered entity or a business associate
- Date of the breach – both the start/end of the breach and the start/end of the discovery
- How many individuals were affected by the breach?
- What type of breach occurred – theft, hacking, unauthorized access, etc.
- The location of the breach – was it via email, on a laptop, or desktop?
- What information was compromised?
The healthcare industry is a known target for cybercrime. And the risk of a breach continues to rise daily for all businesses. HIPAA Secure Now can help you to navigate the many facets of HIPAA. We can provide support services that will keep you compliant and cyber secure. Let us know how we can help you today!