Happy Leap Year! Now, let’s celebrate the once-in-every-four-years event with the most exhilarating and entertaining activity: notifying the OCR of small breaches your practice faced in 2023.
Alright, I’m kidding I’m kidding, while reporting these breaches might not be the most exciting activity, it is very important to notify the OCR of these breaches to ensure proper procedure was followed when things didn’t go as planned.
This notification to the OCR is due 60 days after the end of the following year, according to the Breach Notification Rule. So, for 2024, it will be February 29th or Leap Day.
So, what is a small breach?
You might be asking, what constitutes a small breach? Thankfully, the OCR has specified this for us, and it’s any breach that affects 500 or fewer patients.
Anything more than this requires faster reporting, needing to notify the OCR of the breach within 60 days of the discovery of the breach.
While smaller breaches don’t need to be reported to the OCR as quickly, patients must be aware of their data being affected in a breach, and patients must be notified within 60 days of the practice finding the breach, or even sooner depending on the state.
So, how do I report my small breaches to the OCR?
Another great question! Once again, the OCR has a reporting system in place online here. Each small breach has to be reported separately through the website.
Abyde makes breach reporting easy, with our HIPAA breach logs, which will allow you to log when you experience a breach in your software. After filling out the breach log, we have a Breach Risk Assessment for you to take, and will then generate a report with all the information you need for the OCR breach report.
If you want some help filling out the breach report, you can turn to us, your compliance crew. For Abyde users, call us at 1-800-594-0883 or hit the Help! Alarm button under the gear icon in your Abyde software. We’ll get connected with you immediately and help you navigate the breach.
Then, just make sure you notify the OCR by the due date for those smaller breaches!
So, what else do I need to do?
I’m glad that you’re still interested! Having assigned roles when breaches occur. The reporting of breaches usually falls under the HIPAA Compliance Officer’s list of responsibilities. Having a designated HIPAA Compliance Officer, and in general, having assigned roles in order when a breach or disaster occurs ensures accountability.
So, what now?
Make sure that you have all of your small breaches reported to the OCR by February 29th, 2024. Abyde is here to make this process easy with our easy-to-use software. To learn more about how Abyde simplifies compliance, reach out to info@abyde.com or schedule a demo here.