Three Gateway Center
401 Liberty Ave.
 22nd Floor
Pittsburgh, PA 15222
Fax: 412-281-4499
Pittsburgh Law Office Map

Phone: 412-281-5060

Houston Harbaugh Blog

Annual Filings Deadline for Breaches of PHI is March 1, 2018

March 1, 2018 is the deadline by which time Covered Entities who experienced a Breach of Unsecured Protected Health Information (PHI) during calendar year 2017 must notify the Secretary of the U.S. Department of Health & Human Services (HHS).

A Breach is defined as an unauthorized “acquisition, access, use, or disclosure” of unsecured PHI that compromises the security or privacy of the PHI. Pursuant to the 2009 HITECH Act and the 2013 Final Omnibus Rule, Covered Entities, on an annual basis, must electronically report Breaches affecting fewer than 500 individuals to HHS electronically within 60 days of the close of the calendar year. Notifications may be made by completing the form found on the HHS website:

The form requires the Covered Entity to respond to several questions about the Breach including providing a short description of what occurred and how the Breach was resolved. The Covered Entity must also certify that all of the information provided in the form is accurate.

Please be advised that not all violations of HIPAA constitute a “Breach” and only violations of HIPAA which rose to the level of a “Breach” need to be reported to HHS. Your Houston Harbaugh, P.C. attorneys are available to assist you in determining whether an incident requires the filing of a report and we can also assist in the notification filing process


FindLaw Network
Subscribe To Our Blog

Subscribe To Our Blog

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!