Header graphic for print
HealtHITech Law HIPAA, HITECH and Beyond

Reminder: Report 2016 HIPAA Breaches By March 1, 2017

Posted in Breach

Covered entities which experienced a HIPAA breach in calendar year 2016 are required to report all such breaches affecting fewer than 500 individuals to OCR by Wednesday, March 1, 2017. The reports must be submitted via OCR’s online portal, available here. This yearly reporting obligation is in addition to the requirement to report large breaches — those affecting 500 or more individuals — within 60 days of discovering the breach.

This is also an appropriate time to review and update breach notification policies and procedures to make sure that covered entities have in place the appropriate mechanisms to notify OCR timely and appropriately.