February 29, 2020, Deadline for Reporting Small Health Care Data Breaches Approaches

Small health care data breaches – those affecting fewer than 500 patients – that occurred in the 2019 calendar year must be reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) by February 29, 2020.

The HIPAA Breach Notification Rule requires HIPAA-covered entities to report small data breaches either as they occur or within 60 days of the end of the applicable calendar year. Breaches affecting 500 or more patients must be reported to OCR at the time of patient and media notification.

Breaches can be reported online here.

Contact Adrienne Dresevic, Esq. or Clinton Mikel, Esq. at (248) 996-8510 for assistance with data privacy/security matters, for reporting, or evaluating if you need to report.