February 29, 2024 is the deadline by which time Covered Entities who experienced a Breach of Unsecured Protected Health Information (PHI) during calendar year 2023 must notify the Secretary of the U.S. Department of Health & Human Services (HHS).
A Breach is defined as an unauthorized "acquisition, access, use, or disclosure" of unsecured PHI that compromises the security or privacy of the PHI. Pursuant to the 2009 HITECH Act and the 2013 Final Omnibus Rule, Covered Entities, on an annual basis, must electronically report Breaches affecting fewer than 500 individuals to HHS electronically within 60 days of the close of the calendar year. Notifications may be made by completing the form found on the HHS website.
The form requires the Covered Entity to respond to several questions about the Breach including providing a short description of what occurred and how the Breach was resolved. The Covered Entity must also certify that all of the information provided in the form is accurate. Please be advised that not all violations of HIPAA constitute a "Breach" and only violations of HIPAA which rose to the level of a "Breach" need to be reported to HHS. Your Houston Harbaugh, P.C. attorneys are available to assist you in determining whether an incident requires the filing of a report and we can also assist in the notification filing process.
To access the HHS form, click here.
- Affordable Care Act
- Ambulatory Surgery Centers
- CMS Payment Models & Reimbursement Policy
- Elder Care and Midlife Estate Planning
- Fraud and Abuse Compliance
- Health Care
- Health Care Technology and the HITECH Act
- HIPAA Compliance for Health Care Providers
- Medicare Overpayments
- Nonprofit Law
- Professional Licensure and Disciplinary Proceedings
In order to navigate the complicated and ever-changing laws surrounding health care and your business, you need attorneys who understand your challenges. The Pittsburgh health care lawyers at Houston Harbaugh, P.C., have the knowledge and experience to help you manage everyday issues, as well as plan for the future.
Jessica A. Ellel - Practice Chair
Chair of Houston Harbaugh’s Health Law Practice, Jessica works almost exclusively with health care entities and health practitioners. She has extensive experience with:
- Drafting and negotiating physician employment agreements from both the physician and employer perspectives
- Negotiating contracts between physicians and hospitals
- Preparing purchase agreements to govern the sale of medical practices
- Advising on corporate governance issues, from practice formation to dissolution
- Developing comprehensive compliance plans for physician practices, hospitals, third-party billing administrators, and other health care and related entities
- Organizing strategies for compliance with fraud and abuse laws
- Addressing HIPAA compliance
Jessica is especially well-versed in HIPAA compliance and authors numerous client updates and bulletins on the subject. She conducts on-site and remote HIPAA training and also maintains Houston Harbaugh’s HIPAA compliance manual, ” Federal HIPAA Privacy Standards Simplified: A Comprehensive Tool-Kit”.