HR Alert

Reminder: Notification of HIPAA Breaches Affecting Fewer Than 500 Individuals Due to HHS by March 1

Notifications to HHS Must Be Submitted Online

HIPAA covered entities are reminded that the deadline to notify the U.S. Department of Health and Human Services (HHS) of breaches of unsecured protected health information affecting fewer than 500 individuals in calendar year 2016 is March 1, 2017.

Among other things, the HIPAA Breach Notification Rule requires HIPAA covered entities to report breaches of unsecured protected health information (PHI). A covered entity's breach notification obligations differ based on whether the breach affects 500 or more individuals or fewer than 500 individuals:

  • If a breach of unsecured PHI affects fewer than 500 individuals, a covered entity must notify HHS no later than 60 days after the end of the calendar year in which the breach is discovered. For calendar year 2016, this generally means that breach notification is due to HHS by March 1, 2017.
  • If a breach of unsecured PHI affects 500 or more individuals, a covered entity must notify HHS without unreasonable delay and in no case later than 60 calendar days from the discovery of the breach.

How to Submit a Breach Notification to HHS
All breach notifications to HHS must be submitted online. Click here for more information and a link to the submission portal.

Login to HRSPI Client Portal
Forgotten PasswordForgot Password
Executive Search Executive Search

Harrassment Prevention

HRSPI offers comprehensive, interactive, AB1825-Compliant training. Programs include introduction to recent anti-bullying legislation.

Latest News

  • Patty Woolcock Co-Authors New Article

    What happens when innovative companies, in Silicon Valley and elsewhere, allow themselves to fall prey to arrogance and pride? Failure to adapt and ultimately, decline of the once successful company.

    <read more>

News Archives

Latest Blog

Blog Archives