If you’ve experienced any breaches or incidents in 2023, the OCR must be notified before February 29th, 2024.
Each year, entities regulated under HIPAA must report breaches affecting fewer than 500 individuals to the Department of Health and Human Services (“HHS”) within sixty days following the end of each calendar year. This means that the Dental Breach Notification Deadline for 2024, for reporting breaches of this type that occurred in 2023 to HHS, is February 29th, 2024.
For these breaches, HIPAA requires that covered entities maintain a log or other documentation of breaches of unsecured protected health information. The covered entity can report all breaches affecting fewer than 500 individuals on the same date but must submit a separate notice to HHS for each breach incident. The covered entity may also report breaches affecting fewer than 500 individuals at the time they are discovered, as opposed to waiting for year-end. This obligation to report to HHS is in addition to a covered entity’s obligation to notify those individuals affected by a breach, which must be done no later than sixty days after the breach is discovered.
Submissions require detailed information concerning the covered entity involved, as well as each breach, including:
The date the breach occurred;
The date the breach was discovered;
The approximate number of individuals affected;
The type and location of the breach;
The type of protected health information involved;
A brief description of the breach;
Safeguards in place prior to the breach;
Actions taken in response to the breach; and
Information about notices provided.
If you’re a small to mid-sized organization, we understand that you’re likely not hiring out a HIPAA Privacy Officer and that the role is probably given to someone who already has a full plate, like the office or practice manager. So, how can you divvy up the work of the HIPAA Privacy Officer so that it’s not a burden to one person? Let’s first talk about what tasks the HIPAA Officer(s) will be responsible for.
Disclaimer
The Security Risk Assessment Tool at HealthIT.gov is provided for informational purposes only. Use of this tool is neither required by nor guarantees compliance with federal, state or local laws. Please note that the information presented may not be applicable or appropriate for all health care providers and organizations. The Security Risk Assessment Tool is not intended to be an exhaustive or definitive source on safeguarding health information from privacy and security risks. For more information about the HIPAA Privacy and Security Rules, please visit the HHS Office for Civil Rights Health Information Privacy website. NOTE: The NIST Standards provided in this tool are for informational purposes only as they may reflect current best practices in information technology and are not required for compliance with the HIPAA Security Rule’s requirements for risk assessment and risk management. This tool is not intended to serve as legal advice or as recommendations based on a provider or professional’s specific circumstances. We encourage providers, and professionals to seek expert advice when evaluating the use of this tool.
Copyright Done Desk™ 2024