Despite all that made 2020 an unusual year, data security incidents did not slow down. For organizations that are covered by the Health Insurance Portability and Accountability Act (HIPAA), the deadline to report small incidents is fast approaching. Organizations that experienced a data security incident in 2020, which affected the protected health information (PHI) of less than 500 individuals, have until March 1, 2021 to submit their notification to the U.S. Department of Health & Human Services’ Office for Civil Rights (HHS/OCR).
Under the HIPAA Breach Notification Rule, a covered entity or business associate is required to report a breach that affected fewer than 500 people to HHS/OCR no later than 60 days after the end of the prior calendar year. This year, a covered entity or business associate has until March 1, 2021 to submit its 2020 small breach reports to the agency.
Organizations that still need to report an incident to HHS/OCR should visit the agency’s online portal.
**Please consider nominating our national Data Privacy & Cybersecurity Team for the 2021 Advisen Cyber Risk Awards in any or all of the following categories: Cyber Risk Event Response Team of the Year, Cyber Risk Pre-Breach Team of the Year, and Cyber Law Firm of the Year. Nominations close Friday, February 26. Submit your nominations for Lewis Brisbois here.**
Our Breach Coach Portal is a free, personalized one-stop cyber portal that provides tools and resources to help clients understand exposures, establish a response plan, and minimize the effects of a breach. It also serves as a Crisis Center, providing the pertinent information clients need to respond quickly and effectively to a data breach, privacy violation, or other cyber incident
Our app provides immediate access to our national breach response team. It also provides a number of helpful materials including summaries of all state data breach notification statues, all state information security mandates, and a list of the various services we provide