HIPAA Small Breach Notification Deadline is March 1, 2020 – The Clock’s Ticking to Submit to HHS/OCR!

By: Lindsay B. Nickle & Bryan M. Thompson

Organizations that experienced a data incident in 2019 affecting the protected health information (PHI) of less than 500 individuals have just a few more days to submit their notification to the U.S. Department of Health & Human Services’ Office for Civil Rights (HHS/OCR).

Under the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule, a covered entity or business associate subject to HIPAA is required to report a breach that affected fewer than 500 people to HHS/OCR no later than 60 days after the end of prior calendar year.

This year, a covered entity or business associate has until March 1, 2020 to submit its 2019 small breach reports to the agency.  

Organizations that still need to report an incident to HHS/OCR can do so via the agency’s online portal.

If you have any questions about submitting breach notifications, contact the authors of this post or visit our Data Privacy & Cybersecurity Practice page to find an attorney in your area.

< Previous Post Next Post >


Related Attorneys

Find an Attorney

Each of the Firm's offices include partners, associates and a professional staff dedicated to meeting the challenge of providing the firm's clients with extraordinary service.