With the New Year underway, the deadline is quickly approaching for HIPAA covered entities to file their annual breach reports with the U.S. Department of Health & Human Services Office for Civil Rights (“OCR”).
While breaches involving 500 or more individuals must be reported no later than 60 calendar days from the date of discovery, breaches involving less than 500 individuals can be documented throughout the course of the year and submitted 60 days after the end of the calendar year.[1] This means that covered entities have until February 28, 2018 to complete their annual breach reporting obligations.
If you need assistance completing or filing your breach reports, please contact your usual Husch Blackwell attorney.
[1] 45 C.F.R. §§ 164.408(b),(c), available at https://www.law.cornell.edu/cfr/text/45/164.408.