Pursuant to HIPAA/HITECH, covered entities are required to report breaches of unsecured protected health information that occurred in 2015 and affected less than 500 individuals to the Office for Civil Rights no later than 60 days after the end of the calendar year.

To be safe, covered entities may wish to complete their online reporting through the OCR reporting website by Friday, February 26, 2016.

Tips for reporting:

• Prepare the answers to the questions presented on the online reporting site in advance and not on the fly to reduce the chance of an error or misunderstanding.

• Space out reporting different incidents over several days so you can concentrate and give your full attention to each one.

• Give each incident you are reporting the appropriate time and energy necessary to convey accurate information.

• Prepare the answers carefully and assume that each one will be scrutinized with a critical eye.

Print the completed report for your records and keep it for 6 years.