Feb. 29 is Data Breach Reporting Deadline

February 20, 2020 | Eric D. Fader | Cybersecurity | Electronic Health Records | HIPAA | Legislation and Public Policy

The HIPAA Breach Notification Rule requires that smaller data breaches – those involving fewer than 500 patient records – must be reported to the U.S. Department of Health and Human Services (HHS) no later than 60 days after the end of the calendar year in which the breach occurred. This year, the reporting deadline is February 29.

Breaches involving 500 or more records must be reported to HHS within 60 days after discovery. All breach reports, whether large or small, must be submitted on HHS’s breach portal. Late reports may result in financial penalties.

Share this article:
show more

Get legal updates and news delivered to your inbox