Late Data Breach Reports Could Lead to Fines for Covered Bodies

by | Feb 15, 2017

In January 2017, the Department of Health and Human Services’ Office for Civil Rights issued a communication to covered entities in relation to the late reporting of data breaches following the announcement of a settlement with Chicago-based healthcare network Presense Health.

This settlement was the first reached with a covered body purely to resolve HIPAA Breach Notification Rule violations. Presense Health had delayed the issuing of breach notification correspondence to patients. Presense Health agreed to settle with OCR for $475,000 to resolve the potential HIPAA breaches.

However, since the OCR released the announcement, there have been a number of times where covered entities have unnecessarily delayed the issuing of breach notification correspondence to patients and data breach reports to OCR.

The January Breach Barometer – made public by Protenus yesterday – shows that 40% of data breaches reported in January 2017 had notifications sent outside of the time limits required by the Health Insurance Portability and Accountability Act’s Breach Notification Rule.

The loss, theft, or exposure of patients’ electronic protected health information places them at an elevated risk of suffering identity theft and fraud. When data breaches are reported quickly patients can take rapid action to protect their identities, secure their accounts, and lessen risks. However, when breach notification letters are delayed for no reason patients face a higher risk of suffering financial losses since mitigations will not be in place.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy