Annual Breach Notification Deadline Approaching


Mark Your Calendar

If you had a breach in 2017 that affected fewer than 500 individuals, the deadline to notify the U.S. Department of Health and Human Services (“HHS”) is approaching on March 1, 2018. You may have already notified affected individuals and reported the breach to state authorities, but if you have not yet reported it to the federal government, you must do so before the March 1 deadline. Breaches must be submitted via the HHS breach portal found here.

Factors to Consider

As a reminder, you should consider at least the following factors when determining whether a breach occurred:

  • The nature and extent of the PHI involved, including the type of identifiers and the likelihood of re-identification;

  • The unauthorized person to whom the disclosure was made;

  • Whether the PHI was actually acquired or viewed; and

  • The extent to which the risk to the PHI has been mitigated.

Determining the Probability

If you can determine through this analysis that there is a low probability the PHI was compromised, then a breach did not occur and notification is unnecessary. However, if you determine that there was anything higher than a low probability the PHI was compromised, then a breach did occur and must be reported. If that breach occurred in 2017 and affected fewer than 500 individuals, the notification to HHS must be submitted before March 1, 2018.

