Do I have to report soon on HIPAA?

Provided by: Jennifer Kirschenbaum, Esq.

December 19, 2017

Question:

Hi Jennifer,

Do I have an obligation coming up to report on HIPAA? Thought there was an annual requirement now? What do I do?

Thanks,
Dr. P

Answer:

Yep! It's that time of year again...the time to self-report and hope to dodge review by a government agency! You have until the end of February to report breaches impacting less than 500 people from 2017. For an overview of what you need to know and do, check out the webinar I already have posted on our webinar page, titled :"Is this a HIPAA Breach, and if so, What Now?" -https://www.kirschenbaumesq.com/page/healthcare-webinars (1 over and 1 down).

The trickiest part of the disclosure requirement is being sure you are actually reporting a "breach" and not making a mountain out of a "disclose" molehill. Be sure to give your practice enough time to review any documented disclosures so that you are properly classifying which may actually have been a breach, and which do not actually constitute a breach. Self-reporting is a big deal; if you do not self-report and a patient or employee or other makes a complaint and you had a duty to report, for sure, consequences will be more severe. OCR is looking to make sure covered entities (practitioners) are employing preventative measures when it comes to HIPAA, so proper compliance in the first place, and reporting when necessary are major components to compliance and necessary. (If you just haven't gotten it together yet on compliance, we are offering 10% off all compliance documents until the end of the year - check out https://www.kirschenbaumesq.com/page/practice-compliance.)

All disclosures must be submitted to the Secretary using the Web portal below. You may report all of the breaches affecting fewer than 500 individuals on one date, but you must complete a separate notice for each breach incident. You must submit the notice electronically by clicking on the link below and completing all of the fields of the breach notification form. https://ocrportal.hhs.gov/ocr/breach/wizard_breach.jsf?faces-redirect=true. If necessary, you can later submit a follow up with newly found information regarding a prior report by clicking the link and selecting “Addendum to Previous Report” and using the transaction number provided after its submission of the initial breach report

For general info put out by the government, click here - https://www.hhs.gov/hipaa/for-professionals.

If you just aren't sure a disclosure constitutes a breach, call Jennifer or Michael to discuss. Certain situations will require an assessment.

Ask us a question

Jennifer Kirschenbaum, Esq. Partner

Ask us your questions. We will help if we can & let you know before any charge is incurred.

Jennifer@kirschenbaumesq.com

Educational Webinars

A discussion on Market impact to practice

Preparing for PPP Forgiveness and Patient Care Impacts with Covid 19

Looking for the KK Healthcare Exchange? Click Here.

MISSED OUR RECENT WEBINARS? CLICK HERE ANYTIME!

Looking for HIPAA and compliance forms?
Click here to visit our website.

Have a question or comment for Jennifer?
Contact Jennifer at Jennifer@Kirschenbaumesq.com or at (516) 747-6700 x. 302.

Interested in having Jennifer speak at an event or
at a residency/fellowship program?
Contact Jennifer directly at (516) 747-6700 x. 302 or at Jennifer@Kirschenbaumesq.com

Click here to learn about
K&K's Prepaid Legal Audit/Investigation Defense Now!