Deadline to Report 2018 HIPAA Breaches Approaching

January 28, 2019

If you experienced a HIPAA breach that affected fewer than 500 individuals in 2018, the deadline to report that breach to HHS is March 1. You can submit a breach notice by clicking the link below:

Report a breach affecting fewer than 500 individuals

Be aware that once you begin a breach report on the HHS portal, you cannot save the report and return to it later. Having the breach information readily available makes the submission process easier. If you later discover information to add to your report, you can submit an addendum.

The HIPAA breach notification rule requires covered entities to report breaches of unsecured protected health information to:  

  • affected individuals;
  • the U.S. Department of Health and Human Services (HHS); and
  • the local media (in some cases).

The notice must be sent to individuals as soon as reasonably possible, but no later than 60 days after it was discovered.

The timing of notice to HHS depends on the number of individuals affected by the breach.  If the breach involves 500 or more individuals, the covered entity must notify HHS at the same time it notifies the individuals. If the breach involves fewer than 500 individuals, the covered entity must report the breach to HHS no later than 60 days after the end of the calendar year.

Physician practices are encouraged to report all breaches of unsecured protected health insurance to their cyber insurance carrier as soon as discovered.

Questions? Contact TMLT’s PDCS team to speak with one of our HIPAA experts.

Previous Video
What are some of the direct and indirect costs of a data breach?
What are some of the direct and indirect costs of a data breach?

John Southrey, director of consulting services at TMLT, describes the costs - both direct and indirect - of...

Next Article
HHS releases voluntary cyber security practices

HHS released voluntary cyber security practices to the health care industry with the aim of providing pract...

Podcast: Tech, Telemedicine, Tomorrow


Subscribe to CYBER @TMLT for more resources and cyber news.

First Name
Last Name
Are you a physician?
Are you a TMLT policyholder?
Please list your specialty or occupation. - optional
Thank you for subscribing to CYBER @TMLT
Error - something went wrong!