HIPAA-covered dental offices must notify the Secretary of the U.S. Department of Health and Human Services (DHHS) of any breaches of protected health information PHI affecting fewer than 500 patients within 60 days of the end of the calendar year in which the breach was discovered. March 1, 2015 is the reporting deadline for breaches that occurred in 2014.
The covered entity may report all of its breaches affecting fewer than 500 individuals on one date, but the covered entity must complete a separate notice for each breach incident. PHI breaches affecting fewer than 500 patients must be submitted to HHS by clicking here.
PHI breaches affecting 500 or more individuals must be reported to affected individuals, the HHS Secretary, and media outlets “without unreasonable delay” but no longer than 60 calendar days. PHI breaches affecting more than 500 patients must be submitted to HHS by clicking here.
Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered dental continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.