The deadline is quickly approaching for mandatory data breach reporting to the United States Department of Health & Human Services (HHS) under the Health Information Technology for Economic and Clinical Health Act (HITECH Act). Covered entities must report data breaches involving less than 500 individuals to HHS within 60 days following the end of the calendar year in which the breach occurred. Because 2012 is a leap year, covered entities that experienced a data breach involving fewer than 500 individuals in 2011 should submit data breach notification reports to HHS by February 29, 2012.
The reports must be submitted electronically. Please follow these links for the submission form and reporting instructions.