The official deadline for all covered entities to report their HIPAA breaches from 2014 that affected fewer than 500 people is March 1, 2015. All the reports are due to the Department of Health and Human Services by the first of the coming months. All HIPAA covered entities are required to report these breaches using the official form provided by the department. The form can be found on the department’s website.
There have been changes made to the form this year. Organizations are required to disclose whether or not they had certain safeguards, security measures and more in place before the breach. These newer questions may indicate that the department is evaluating changes that may need to be made in light of the huge breach at Anthem. It is undeniable that the security requirements are woefully lacking in today’s age. The security standards set out by the original act are no longer applicable to our new technology.
Covered entities must submit a separate form for each breach that they experienced. With these newer questions, it is safe to say that the department is gather information on the new kinds of security requirements that will have to be put in place in order to protect patient information on all levels.