Federal law requires hospitals and other Health Insurance Portability and Accountability Act (HIPAA)-covered entities to report all 2019 HIPAA privacy breaches affecting fewer than 500 patients to the Office for Civil Rights of the U.S. Department of Health and Human Services (HHS) by Feb. 29.
Breaches affecting 500 or more patients should have been reported to the federal government at the time of the incident. Information on how to report breaches is available at the HHS website. CHA’s California Health Information Privacy Manual contains a complete discussion of state and federal health information privacy laws, including breach notification rules. For more information and to access the manual, go to www.calhospital.org/privacy.