2021 Breach Notification Deadline Approaching
Each year, healthcare organizations must report breaches affecting fewer than 500 patients to the Department of Health and Human Services (HHS) within 60 days of the end of the calendar year in which the breach occurred. This means that smaller-scale breaches that occurred in 2020 must be reported to HHS by March 1, 2021. The 2021 breach notification deadline is discussed below to give healthcare organizations guidance on complying with the HIPAA Breach Notification Rule.
What Is Considered a Breach Under HIPAA?
Under HIPAA, a breach is an incident that has the potential to compromise protected health information (PHI). This includes hacking incidents, unauthorized access to PHI (whether by an outside party or by a member of your workforce accessing PHI without cause), theft or loss of an unencrypted device with access to PHI, and improper disposal of medical records.
Are There Breaches That Need to Be Reported Before March 1st?
The March 1 breach notification deadline applies only to breaches affecting fewer than 500 patients. Larger breaches, affecting 500 or more patients, must be reported no later than 60 days after discovery.