CHA News

Privacy Breach Reports Due March 1

For privacy officers, legal counsel

This post has been archived and contains information that may be out of date.

Federal law requires hospitals and other HIPAA-covered entities to report all 2021 HIPAA privacy breaches affecting fewer than 500 patients to the Office for Civil Rights of the U.S. Department of Health and Human Services (HHS) by March 1.  

Hospitals may have already notified affected patients and the California Department of Public Health but are reminded that they must also report to the federal government by the March 1 deadline.  

Breaches affecting 500 or more patients should have been reported to the federal government at the time of the incident. Information on how to report breaches may be found on the HHS website.