Deadline for Reporting 2019 HIPAA Breaches is Approaching

February 14, 2020


As most of you are aware, all 2019 HIPAA security breaches affecting less than 500 individuals must be reported by covered entities (e.g., providers and health plans) to the Federal Department of Health and Human Services, Office of Civil Rights (“OCR”) prior to February 28, 2020.   If you have not already submitted this information, you may do so by clicking on this link and following the instructions to make the electronic report:

Twist from the New York Attorney General

This year, in New York, the annual HIPAA breach notification requirement comes with a twist.  New York covered entities must now also report all HIPAA breaches to the New York Attorney General within five (5) days of making the report to the OCR.   Reports can be made using the on-line form found at this link:

            *           *           *           *           *

If you have any questions regarding this Alert, please contact the Garfunkel Wild attorney with whom you regularly work.

Click Here to download the Legal Alert.