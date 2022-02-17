NEW YORK, Feb. 17, 2022 /PRNewswire/ -- Compliancy Group reminds healthcare businesses to report breaches to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). The HIPAA Breach Notification Rule requires organizations to report breaches affecting patients' protected health information (PHI).
Although large breaches have stricter reporting deadlines (they must be reported within 60 days of discovery), breaches affecting less than 500 patients must be reported within 60 days from the end of the calendar year. So any breach that occurred in 2021 and affected less than 500 patients must be reported by March 1, 2022.
Throughout the calendar year, businesses should keep a list of these more minor breaches to be reported by the March 1st deadline.
"Breach notification is a key aspect of HIPAA compliance that can be easily overlooked. The HHS takes breach notification seriously and penalizes businesses when they fail to report breaches or delay breach notification, leading to HIPAA violations and fines" - Marc Haskelson, President and CEO, Compliancy Group.
What constitutes a reportable breach?
There are several types of incidents that are considered reportable breaches, including:
- Hacking or IT incidents
- Unauthorized access or disclosure of PHI
- Theft or loss of an unencrypted device with access to PHI
- Improper disposal of medical records
About Compliancy Group:
Compliancy Group gives healthcare professionals confidence in their compliance plan, increasing client loyalty and profitability of their business while reducing risk. With newly designed software, becoming HIPAA compliant has never been easier. Find out more about Compliancy Group and HIPAA compliance. Get compliant today!
Contact:
Joe Bilello
joe@compliancygroup.com
SOURCE Compliancy Group
© 2022 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
