The deadline for reporting small HIPAA breaches that occurred in 2019 is this Saturday, February 29, 2020.
The Federal Health Insurance Portability and Accountability Act (“HIPAA”) requires every covered entity and business associate that knows or should know of a breach of protected health information to report the incident to the U.S. Department of Health & Human Services, Office for Civil Rights. Breaches that affected more than 500 individuals must be reported within sixty (60) calendar days from the date of discovery to the U.S. Department of Health & Human Services, Office for Civil Rights (“OCR”). However, small breaches that affected less than 500 individuals and occurred in 2019 can be documented throughout the year and must be reported by the Saturday deadline. Each incident requires a separate notice to be filed. Failure to comply with HIPAA regulations may result in civil money penalties of as much as $1.5 million as well as exclusion from participation in Medicare.
Although HHS announced earlier in 2019 that it would substantially lower the maximum annual fine for entities that are found guilty of lower-level privacy violations, the lower maximum penalties may be a catalyst for HHS to pursue more “low-hanging fruit” in order to maintain the average settlement monies received for such violations. In fact, Roger Severino, Director of the OCR “[expects] that the number of cases brought to enforcement will also be fairly substantial this year.” In 2019, the total amount of settlement dollars for violations of HIPAA totaled approximately $12.3 million. A breach notification must be filed online through the Office for Civil Rights’ portal. The following information will be required to complete the breach notification: type of breach, type of protected health information involved in the breach, and action taken in response to the breach.
How Frier Levitt Can Help
Covered entities and business associates must ensure that they are in proper compliance with HIPAA privacy and security rules. Frier Levitt has extensive experience in assisting clients with all aspects of HIPAA compliance, including breach notification and reporting requirements. Of equal importance is the review and revision of a practice’s plans and policies to ensure compliance with HIPAA. For assistance with filing or additional information on HIPAA requirements, contact Frier Levitt.
