e-mail Print Share

HIPAA breach reports due March 1

February 05, 2015

By Craig Palmer

March 1 is the deadline for HIPAA-covered dental practices to report 2014 breaches of unsecured protected health information (PHI) affecting fewer than 500 individuals to the U.S. Department of Health and Human Services Office for Civil Rights.

The Health Insurance Portability and Accountability Act requires covered health care entities, which may include dental practices, to inform patients and regulators, and in some cases the media, when they discover a breach involving unsecured PHI. A covered dental practice must notify the OCR of any breach affecting fewer than 500 individuals "within 60 days of the end of the calendar year in which the breach was discovered."

Breaches affecting more than 500 or more individuals must be reported without unreasonable delay and no later than 60 calendar days from the discovery of the breach.

Covered dental practices that have discovered reportable breaches of protected health information may wish to allow sufficient time to gather information about the breaches and complete the online forms. All breach reports must be submitted electronically on the OCR website.

A covered entity dental practice must have a HIPAA compliance program in place.

The ADA Practical Guide to HIPAA Compliance includes information about the HIPAA Breach Notification Rule. The guide uses a plain language, step-by-step process to outline breach notification, privacy and security compliance. The guide also contains a revised sample business associate agreement, a revised sample notice of privacy practices, sample policies and procedures and a glossary of key terms.

A complete ADA HIPAA compliance kit, including the compliance guide and the ADA Practical Guide to HIPAA Training CD-ROM, are available at ADA.org/HIPAA, ADACatalog.org and by calling 1-800-947-4746.