Skip Navigation

 

Search

Font Size Reduce Text SizeEnlarge Text Size     Print Send this page to printer     Download Reader  Download PDF readerHHS Home|HHS News|About HHS

Health Information Privacy

Office for Civil RightsCivil RightsHealth Information Privacy

OCR Home > Health Information Privacy > HIPAA Administrative Simplification Statute and Rules  > Breach Notification Rule

HIPAA

Understanding HIPAA Privacy

HIPAA Administrative Simplification Statute and Rules

Statute

Privacy Rule

Security Rule

Breach Notification Rule

Other Administrative Simplification Rules

Enforcement Rule

Combined Text of All Rules

Enforcement Activities & Results

How to File a Complaint

News Archive

Frequently Asked Questions

PSQIA

Understanding PSQIA Confidentiality

PSQIA Statute & Rule

Enforcement Activities & Results

How to File a Complaint

Instructions for Submitting Notice of a Breach to the Secretary

The breach notification interim final rule requires covered entities to provide the Secretary with notice of breaches of unsecured protected health information (45 CFR 164.408).  The number of individuals affected by the breach determines when the notification must be submitted to the Secretary.  Please review the instructions below for submitting breach notifications.

Breaches Affecting 500 or More Individuals

Breaches Affecting 500 or More Individuals

If a breach affects 500 or more individuals, a covered entity must provide the Secretary with notice of the breach without unreasonable delay and in no case later than 60 days from discovery of the breach.  This notice must be submitted electronically by following the link below and completing all information required on the breach notification form.  

If a covered entity that has submitted a breach notification form to the Secretary discovers additional information to report, the covered entity may submit an additional form, checking the appropriate box to signal that it is an updated submission.  If, at the time of submission of the form, it is unclear how many individuals are affected by a breach, please provide an estimate of the number of individuals affected.  As this information becomes available, an additional breach report may be submitted as an addendum to the initial report.

For questions regarding the completion and submission of this form, please e-mail OCRBreach@hhs.gov.

Submit Notice of a Breach Affecting 500 or More Individuals 

Hide Details


Breaches Affecting Fewer than 500 Individuals

Breaches Affecting Fewer than 500 Individuals

For breaches that affect fewer than 500 individuals, a covered entity must provide the Secretary with notice annually.  All notifications of breaches occurring in a calendar year must be submitted within 60 days of the end of the calendar year in which the breaches occurred.  Notifications of all breaches occurring after the effective date in 2009 must be submitted by March 1, 2010.  This notice must be submitted electronically by following the link below and completing all information required on the breach notification form.  A separate form must be completed for every breach that has occurred during the calendar year.  

If a covered entity that has submitted a breach notification form to the Secretary discovers additional information to report, the covered entity may submit an additional form, checking the appropriate box to signal that it is an updated submission.  If, at the time of submission of the form, it is unclear how many individuals are affected by a breach, please provide an estimate of the number of individuals affected.  As this information becomes available, an additional breach report may be submitted as an addendum to the initial report.  

For questions regarding the completion and submission of this form, please e-mail OCRBreach@hhs.gov.

Submit Notice of a Breach Affecting Fewer than 500 Individuals 

Hide Details



horizontal line

HHS Home | Questions? | Contacting HHS | Accessibility | Privacy Policy | FOIA | Disclaimers | Inspector General | No FEAR Act | Viewers & Players
The White House | USA.gov | HHS Archive | Pandemic Flu

U.S. Department of Health & Human Services · 200 Independence Avenue, S.W. · Washington, D.C. 20201