by Sara Uzer

March 1 deadline for small HIPAA breach notifications

The deadline to report 2021 protected health information (PHI) breaches that impacted fewer than 500 individuals is March 1, 2022.

Keep reading to learn more about the notification requirements, key details on the fast-approaching deadline, and how to reduce the risk of compromise from the start with HIPAA compliant email.

What is the HIPAA Breach Notification Rule?

The HIPAA Breach Notification Rule makes it mandatory for healthcare providers to report all data breaches involving unsecured PHI. Under the rule, affected individuals must be notified without “unreasonable delay” and “in no case later than 60 days following the discovery of a breach.”

In addition to alerting individuals, covered entities are required to report the incident to the Secretary of the Department of Health and Human Services (HHS). The deadline for this notification varies based on how many people were impacted.

While larger incidents affecting 500 or more individuals must be submitted within 60 days of the event, organizations may report smaller-scale breaches to the HHS on an annual basis.

March 1 deadline 

The deadline for reporting data breaches affecting fewer than 500 individuals is “60 days from the end of the calendar year in which the breach was discovered.”

Therefore, all breaches identified in 2021 that involved the PHI of fewer than 500 individuals must be disclosed to the Secretary of the HHS no later than 11:59 pm on March 1, 2022.

According to the HHS website, covered entities are required to submit the notice electronically by visiting the Office for Civil Rights (OCR) portal and completing the breach notification form fields. All smaller breaches can be reported on one date, but a separate notice must be submitted for each incident.

Stay proactive with Paubox

Covered entities can avoid the hassle of reporting HIPAA breaches by putting the right proactive measures in place from the start. These include conducting employee cybersecurity awareness training, maintaining data backups, and creating a business continuity plan. With email serving as a top threat vector, it is also especially crucial to make stronger email security a priority.

Built to seamlessly integrate with your current email platform such as Google Workspace or Microsoft 365, Paubox Email Suite sends HIPAA compliant email by default and automatically encrypts every outbound message. This means you don’t have to spend time deciding which emails to encrypt and your patients are able to receive your messages directly in their inboxes without having to navigate any separate passwords or portals.

Paubox Email Suite’s Plus and Premium plan levels also feature advanced inbound email security tools for further protection. Our patent-pending Zero Trust Email feature uses email AI to confirm an email’s legitimacy, while patented ExecProtect quickly intercepts display name spoofing attempts.

Try Paubox Email Suite Plus for FREE today.