Has your practice reported its breach?
45CFR 164.408 requires all covered entities (CE) and Business Associates (BA) to provide the Department of Health and Human Services (HHS) Secretary with notice of breaches of unsecured protected health information. The number of affected individuals determines when the notification must be completed.
Breaches of unsecured protected health information affecting less than 500 individuals must be reported no later than 60 days after the end of the calendar year. For calendar year 2014, your breaches affecting less than 500 individuals must be reported to the Secretary at HHS by February 28, 2015.
The following is the link to the HHS reporting site. The required information is completed online and submitted directly to HHS once the form is completed.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html
If you have any questions or need assistance in completing the HHS reporting form, please feel free to contact MedSafe.
Leave a Reply