Written by Adnan Raja, Vice President of Marketing for Atlantic.Net
Healthcare firms, like companies of any industry, were rapidly approaching the due dates for their taxes. However, there was another federal deadline that was coming even faster for covered entities (healthcare providers, plans, and data clearinghouses): March 1, 2018, when any smaller data breaches must be reported to the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS). Getting any breach information to the OCR on time was necessary to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
With larger breaches (anything involving 500 or more individuals’ records), covered entities have to act quickly – within 60 days. However, when a breach compromises fewer than 500 patients’ protected health information (PHI), the deadline to report those to the health agency is 60 days following the calendar year when they occurred – which in 2018 was March 1st.