As most of you are aware, all 2019 HIPAA security breaches affecting less than 500 individuals must be reported by covered entities (e.g., providers and health plans) to the Federal Department of Health and Human Services, Office of Civil Rights (“OCR”) prior to February 28, 2020. If you have not already submitted this information, you may do so by clicking on this link and following the instructions to make the electronic report: https://ocrportal.hhs.gov/ocr/breach/wizard_breach.jsf?faces-redirect=true
Twist from the New York Attorney General
This year, in New York, the annual HIPAA breach notification requirement comes with a twist. New York covered entities must now also report all HIPAA breaches to the New York Attorney General within five (5) days of making the report to the OCR. Reports can be made using the on-line form found at this link: https://formsnym.ag.ny.gov/OAGOnlineSubmissionForm/faces/OAGSBHome
Should you have any questions regarding the above, please contact the Garfunkel Wild attorney with whom you regularly work, or contact us at [email protected].