Mark Your Calendar
If you had a breach in 2017 that affected less than 500 individuals, the deadline to notify the U.S. Department of Health and Human Services (“HHS”) is approaching on March 1, 2018. You may have already notified affected individuals and reported the breach to state authorities, but if you have not yet reported it to the federal government you must do so before the March 1 deadline. Breaches must be submitted via the HHS breach portal found here.
As a reminder, you should consider at least the following factors when determining if a breach occurred,
The nature and extent of the PHI involved, including the type of identifiers and the likelihood of re-identification;
The unauthorized person to whom the disclosure was made;
Whether the PHI was actually acquired or viewed; and
The extent to which the risk to the PHI has been mitigated.Determining the Probability