HIPAA Data Breach Deadline Fast Approaching

Last week, we wrote about the increasing number of healthcare-related data breaches and how important it is for providers to find better ways to protect their patients’ personal healthcare information.

In just a few days – on March 1 – HIPAA-covered entities must submit reports of certain breaches of unsecured protected health information affecting fewer than 500 individuals to the Office for Civil Rights as required by the Breach Notification Rule. This can be done via OCR’s website.

Covered entities are not required to wait until the deadline to report small breaches and can report them any time before the March 1 deadline.

For breaches affecting 500 or more individuals, covered entities are required to report the breach to the U.S. Department of Health and Human Services no later than 60 days following discovery. A breach is considered discovered as of the first day on which any workforce member or agent of the covered entity is made aware of it, or if it would have been known by exercising reasonable diligence. Covered entities must log and notify HHS of any breaches that are discovered by their business associates and report it to the covered entity.

In today’s high-tech world it is more important than ever to make sure that your healthcare organization has proper policies and training in place that address such matters as the use of social media, as well as the use of employer and personnel electronic devices.

To accomplish this, healthcare entities should conduct a risk analysis and audit their patient access process. They also must review their business associate agreements. If a covered entity engages a business associate to help it carry out its healthcare activities and functions, the covered entity must comply with the rules’ requirements to protect the privacy and security of protected health information.

A survey released earlier this month by Accenture found that one in four U.S. consumers (26 percent) have had their personal medical information stolen from technology systems, and half of those who experienced a breach were victims of medical identity theft and had to pay approximately $2,500 in out-of-pocket costs per incident, on average.

As the number of data breaches continues to rise, it’s more important than ever to make sure your organization is protected. We are available to help you to create a compliance program designed to meet your unique needs. Give us a call at 305-358-4500 or send an email to info@vitalehealthlaw.com and let’s discuss how we might be able to assist you.

Posted in

The Health Law Offices of Anthony C. Vitale