Reminder for HIPAA Breach Report - deadline approaching

Provided by: Jennifer Kirschenbaum, Esq.

January 26, 2021

Prepared by Michael Foster, Esq. -

With 2020 finally in the rear view mirror, its time to confirm compliance with the Office For Civil Rights' annual HIPAA breach reporting. Only approximately 33 days left to comply. As a reminder, you (as a covered entity, which if you are on our newsletter and operate a practice, you are) need to determine if you have any reportable breaches. Generally, a breach is an “impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.”

If you believe you have reportable breaches (and you have confirmed with counsel, which we recommend), then you must submit one report for each breach that has occurred. For breaches affecting more than 500 individuals, the covered entity must file a report “without unreasonable delay and in no case later than 60 days following a breach.” For breaches affecting fewer than 500 individuals, a report must be made within 60 days of the end of the calendar year in which the breaches were discovered. Do not wait until the last minute. While the report itself is not long, the content you are providing is extremely important as this is your opportunity to explain what happened and what actions were taken by your practice to rectify the situation and prevent the breach from occurring in the future. Some of the questions on the report that you should be prepared to answer include:

•   contact information for the practice and for a business associate if the breach occurred at or by the business associate;
•   dates the breach started, ended and was discovered;
•   number of individuals affected by the breach;
•   type and location of breach;
•   type of protected health information involved (ex: name, address, social security);
•   description of the breach and actions taken in response to breach
•   safeguards in place prior to the breach;
•   dates notice of breach given.

The link to electronically submit a report (one per breach) is https://ocrnotifications.hhs.gov/.

For more information regarding the annual reporting process, please see OCR’S website available here (http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html), or you can contact me or Jennifer to discuss. We also recommend you reach out to determine if you have anything to report. Remember, an ounce of prevention is worth a pound of cure. Here especially, if you do not report, and a patient complains, a whole can of worms will be opened on the practice, and not manageable earth worms, more akin to the film and its sequels, Tremors.

Michael Foster, Esq. is a senior associate in K&K's healthcare department (6+ years and counting), and can be reached at 516-747-6700 x 308.

Attorney: Michael Foster, Esq.

Ask us a question

Jennifer Kirschenbaum, Esq. Partner

Ask us your questions. We will help if we can & let you know before any charge is incurred.

Jennifer@kirschenbaumesq.com

Educational Webinars

A discussion on Market impact to practice

Preparing for PPP Forgiveness and Patient Care Impacts with Covid 19

Looking for the KK Healthcare Exchange? Click Here.

MISSED OUR RECENT WEBINARS? CLICK HERE ANYTIME!

Looking for HIPAA and compliance forms?
Click here to visit our website.

Have a question or comment for Jennifer?
Contact Jennifer at Jennifer@Kirschenbaumesq.com or at (516) 747-6700 x. 302.

Interested in having Jennifer speak at an event or
at a residency/fellowship program?
Contact Jennifer directly at (516) 747-6700 x. 302 or at Jennifer@Kirschenbaumesq.com

Click here to learn about
K&K's Prepaid Legal Audit/Investigation Defense Now!