HIPAA Breach Reporting Deadline Approaching!
The annual HIPAA Breach Reporting Deadline is fast approaching, and behavioral health professionals need to take note!
The HIPAA breach reporting deadline this year is March 1st. But what is considered a breach under HIPAA regulation? And what kinds of breaches need to be reported?
Understanding the HIPAA Breach Reporting Deadline
As a part of the HIPAA Breach Notification Rule, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) sets specific rules for actions that must be taken in the event of data breaches of protected health information (PHI). PHI is defined in HIPAA regulation as any demographic information that can be used to identify a patient. Common examples of PHI include name, address, date of birth, telephone number, Social Security number, insurance information, and full facial photos, to name a few.
Under the HIPAA Breach Notification Rule, HHS has identified two different kinds of PHI breaches:
- Minor Breaches are PHI breaches that have affected fewer than 500 individuals in a single jurisdiction.
- Meaningful Breaches are PHI breaches that have affected more than 500 individuals in a single jurisdiction.
Under the law, Meaningful Breaches are considered particularly serious. The HIPAA breach-reporting deadline for Meaningful Breaches is within 60 days of the discovery of the breach.
However, Minor Breaches have different protocols.
The HIPAA Breach Notification Rule mandates that ALL Minor Breaches that have occurred over the course of a given calendar year must be reported NO LATER than 60 days after the calendar year has ended (that is, 60 days from December 31st of a given year).
The 2018 HIPAA breach reporting deadline falls on March 1st, which is 60 days from the end of 2017.
Over the course of the year, HIPAA mandates that your organization monitor, track, and investigate ALL PHI breaches, regardless of the size of the breach. Behavioral health professionals can use HIPAA compliance software to monitor and document breaches throughout the year–and help respond to HIPAA audits, should they occur. Documentation that your practice has gathered should be collated and reported on the HHS breach notification portal.
In 2017, the first HIPAA settlement in history occurred for a violation of the HIPAA Breach Notification Rule–a shocking confirmation that this kind of enforcement is likely to become mainstream in the years ahead.
Read about the settlement here, and be sure to use the HHS Breach Reporting Portal here to report your 2017 minor breaches!
Compliancy Group gives behavioral health professionals confidence in their HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance.
Compliancy Group’s team of expert Compliance Coaches® field questions and guide users through the implementation process, taking the stress out of managing compliance. The Guard is built to address the full extent of HIPAA regulation, including full documentation of PHI breaches.
With The Guard, behavioral health professionals can focus on running their practice while keeping their patients’ data protected and secure.
Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!
Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors is their opinion and is not intended to malign any organization, company or individuals.