Listen, accidents happen.

And then there are some intentional and neglectful dilemmas that can occur as well, but if you follow the process of what to do to maintain compliance and CORRECT the issues, it can lessen your chances of being financially penalized; if any penalty at all.

The number one thing to remember to help lessen your chances of being penalized is to report the breach. All covered entities must report breaches of all unsecured PHI to HHS.

Listed below we’ve outlined what you need to do if a breach is discovered:

Breaches Affecting 500 or More Individuals

If a breach of unsecured PHI affects 500 or more individuals, as the covered entity, you must notify HHS.gov within 60 calendars days of discovery.[1]

Breaches Affecting Fewer than 500 Individuals

If a breach of unsecured PHI affects fewer than 500 individuals, covered entities must report the discovery within 60 days by the end of the calendar year. [2]

Breaches can be reported upon discovery, but this will buy you a little bit of time.

PLEASE NOTE: All breach discoveries must be reported electronically and require that you notify the affected individuals as well. Go to https://ocrportal.hhs.gov/ocr/breach/wizard_breach.jsf?faces-redirect=true to find additional details.

[1] https://www.hhs.gov/hipaa/for-professionals/breach-notification/breach-reporting/index.html


Since 2001, Simone Harris has developed a solid foundation in administrative healthcare services and business development. She has 20+ years within the healthcare sector and serves as the Executive of Business of Operations and Compliance Officer. Modified Solutions is furnished with professional medical administrative resources that are firmly rooted in compliance, integrity, and experience. To learn more visit https://modified-solutions.com/.