Compliance Q&A: Annual log of data breaches
Compliance Monitor, January 18, 2012
Q: I would like some direction on the annual log of breaches affecting fewer than 500 individuals to be sent annually to HHS. What information is needed on this log? To exactly whom do we send it? Is there a government form we need to use? Any help would be appreciated.
A: The breach notification rule requires covered entities to provide the Secretary of HHS with notice of breaches of unsecured PHI (45 CFR 164.408). The appropriate forms can be found at http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html.
You must report breaches involving fewer than 500 individuals by March 1 of each year at the latest. This can be done all at once or as breaches occur; it is up to you.
For breaches involving 500 or more individuals, notification must be made without "unreasonable delay" and no later than 60 days after the discovery of the breach.
Editor’s note: Chris Simons, RHIA, originally answered this question in the January 2012 issue of the HCPro, Inc. newsletter, Medical Records Briefing. Simons is the director of utilization management and HIM, and privacy officer at Spring Harbor Hospital in Westbrook, ME.
Related Products
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Nursing responsibilities for managing pain
- Practice the six rights of medication administration
- The consequences of an incomplete medical record
- Prevent dehydration with nursing interventions
- Q&A: Primary, principal, and secondary diagnoses
- Steps for maintaining patient privacy
- Know the medical gas cylinder storage requirements
- Neurological checks for head injuries
- E-mailed
-
- Understand the spine to code back procedures correctly
- Q/A: Correct use of modifier -PT
- Q&A: Use yes/no queries to resolve surgical complication questions
- Get to the heart of cardiac catheterization coding
- Documentation challenges for skin and dermatology coding
- Clinically Speaking: Check CDI efforts related to functional quadriplegia
- Searched