To view this email as a web page, go here.

Hall Render Killian Heath and Lyman : Health Law Is Our Business
Impact Series
      KNOWLEDGE CENTER   ||   CONTACT
 

February 26, 2010

HIPAA Breach Notification Reports Due to OCR by March 1, 2010

HIPAA covered entities are required to submit reports of certain breaches under the new Breach Notification Rule to the Office for Civil Rights ("OCR") by March 1, 2010.  Breaches occurring during the time period of September 23, 2009, the effective date of the Breach Notification Rule, through December 31, 2009 are required to be reported at this time.  Reports must be submitted electronically through OCR's breach notification web page at:
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html

The Breach Notification Rule requires covered entities to issue notifications of breaches of unsecured protected health information ("PHI") that compromise the security or privacy of the PHI, unless an exception applies.  In such case, covered entities must notify affected individuals, the media (in certain cases), and OCR.  If a breach affects 500 or more individuals, the covered entity must notify OCR without unreasonable delay and in no case later than 60 days following a breach.  If, however, a breach affects fewer than 500 individuals, the covered entity may notify OCR at the time of the breach or on an annual basis.  Annual reports of breaches affecting fewer than 500 individuals are due to OCR no later than 60 days after the end of the calendar year in which the breaches occurred.

As of January 2010, OCR reports receiving 35 reports of breaches affecting 500 or more individuals, resulting in a total of 712,000 breach notifications to individuals.  Most of these breaches involved the loss or theft of laptops or other portable devices containing unsecured PHI.  OCR has posted these reports of large breaches on its breach notification web page.  OCR also reports receiving over 300 reports of smaller breaches, many of which involved faxing or mailing PHI to the wrong fax number or address.

For additional articles on this topic and other HIPAA topics, please see our "Impact Series" at www.hallrender.com/impact.

If you need additional information about this topic, please contact your regular Hall Render attorney or Elizabeth Callahan-Morris at (248) 457-7854 or ecallahan@hallrender.com.
 
 
Indiana Offices
Suite 2000, Box 82064
One American Square
Indianapolis, IN 46282
(317) 633-4884
 Michigan Offices
Columbia Center, Suite 1200
201 West Big Beaver Road
Troy, MI 48084
(248) 740-7505
 Kentucky
614 West Main Street
Suite 4000
Louisville, KY 40202
(502) 568-1890
 

8402 Harcourt Road
Suite 820
Indianapolis, IN 46260
(317) 871-6222
2390 Woodlake Drive
Suite 380
Okemos, MI 48864
(517) 706-0920
 Wisconsin
111 East Kilbourn Avenue
Suite 1300
Milwaukee, WI 53202
(414) 721-0442
 
hallrender.com 
 
This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader must consult with legal counsel to determine how laws or decisions discussed herein apply to the reader's specific circumstances.  
 
This email was sent to: %%emailaddr%%

This email was sent by: %%Member_Busname%%
%%Member_Addr%% %%Member_City%%, %%Member_State%% %%Member_PostalCode%% %%Member_Country%%


We respect your right to privacy - view our policy

Manage Subscriptions | Update Profile | One-Click Unsubscribe