End of Year HIPAA Breach Notification Reports Due by March 1, 2014

Covered entities or Business Associates who experienced a Breach of Unsecured Protected Health Information during the calendar year 2013 which impacted less than 500 individuals are required to report the breach to the Office of Civil Rights no later than 60 days following the end of the calendar year (March 1, 2014). This report is required by the HIPAA Breach Notification Rule.

Notifications of Breaches of Unsecured Protected Health Information involving more than 500 individuals should have been submitted to OCR within 60 days of the breach.

Failure to complete the required end of year reporting is considered a HIPAA violation and could result in significant penalties – as much as $1,500,000 per violation.

If you require legal assistance in determining whether you need to make a report or are having difficulty determining the best response to the questions on the form, we can help you determine the most appropriate responses according to your situation.


  1. Great post! Rather interesting to continue to watch the developments of this act over the years. Thanks for the info!

Speak Your Mind