The Office for Civil Rights in the Department of Health and Human Services has added five more organizations to a Web page listing covered entities that have reported breaches of unsecured protected health information affecting more than 500 individuals. OCR launched the page in February with the listings of 47 organizations.

The posting is mandated under the HHS breach notification rule that was authorized under the HITECH Act. Under the rule, notification within 60 days to HHS and the media is required when a breach affects more than 500 individuals. Smaller breaches must be annually reported to HHS. Business associates of HIPAA-covered entities must notify the affected covered entity of breaches.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access