The Health Insurance Portability and Accountability Act (HIPAA) specifically protects sensitive information in the healthcare industry. HIPAA protects patient information by establishing a complex and wide-ranging set of guidelines for how information may be handled, how systems should work, and how processes should be run inside an organization.
Rapid technological advancements are transforming the healthcare industry, leading to frequent changes in HIPAA compliance requirements. Healthcare providers subject to HIPAA must stay informed of these evolving regulations and be aware of the March 1, 2023, deadline to ensure ongoing compliance.
What are the New Requirements?
Under the HIPAA Breach Notification Rule, all covered entities must report any breaches of unsecured protected health information (PHI) to the Secretary of HHS. It is imperative to disclose every breach, regardless of its size or the number of individuals affected.
HHS mandates that, in the event of a small breach, one affecting 500 or fewer individuals, the covered entity must notify the Secretary within 60 days after the end of the calendar year in which the breach was discovered. Therefore, March 1, 2023, is the cutoff date for disclosing these small data breaches.
HIPAA Standards for Breach Discovery and Knowledge
Per HIPAA standards, a breach is considered to have been "discovered" the moment it is known to the covered entity or when it would have become known with the exercise of reasonable diligence.
The knowledge standard for HIPAA breaches is not limited to specific employees within a company. If any employee or agent (other than the offender) has knowledge of the breach, or if they reasonably should have known of it, the covered entity is considered to have "knowledge" of the breach according to HIPAA standards (HIPAAJournal).
How do I Report a Small Breach?
The Office for Civil Rights (OCR) breach reporting system requires each data breach to be reported individually, with details of what happened and the measures taken to resolve it. The reporting process can become time-consuming if a HIPAA-regulated organization experiences multiple minor data breaches in a year. To minimize this burden, it is advisable to report each data breach promptly upon discovery rather than waiting for the year-end deadline.
The Infiniwiz technical team takes a proactive approach to your cybersecurity. We set up the proper IT protocols and help you implement the employee procedures needed to keep your data and network safe from online attackers and to comply with HIPAA regulations. However, make sure to do your part by staying alert.