Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

HHS Issues Form and Instructions for Submitting Notice of a Breach to the Secretary

The Department of Health & Human Services (“HHS”) published an electronic notification form for covered entities to submit notice of a breach of security to the Secretary. The electronic form, available on HHS’ website, is for notification of breaches affecting 500 or more individuals and for breaches affecting fewer than 500 individuals.

The on-line form includes all of the elements required by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act and the related HHS breach regulations. The form also requires covered entities to include contact information for a business associate (where the breach occurred at or by the business associate), the type of breach, the location of the breach, safeguards in place prior to the breach, and the date(s) individual notifications were provided.

If a covered entity discovers additional information related to a breach after submitting notification to the Secretary, the covered entity may submit an updated notification form using the on-line form.