Critical HIPAA Reporting Deadline

A significant HIPAA reporting deadline is fast approaching for all covered entities. 

For small breaches (affecting fewer than 500 individuals), a covered entity must notify the OCR within 60 days of the calendar year in which the breach was discovered.  For 2022 reporting purposes, the deadline is March 1, 2023.   While covered entities are not required to wait until the end of the calendar year to report small breaches, they must be submitted within this time frame.  Separate notice must be submitted for each small breach not previously reported in the 2022 calendar year.  Notice for a breach affecting fewer than 500 individuals can be submitted here.

Additional information on HHS breach reporting requirements can be found here.

In the event of a breach or data compromise, the Constangy Cyber team is here to help.  You can reach us 24 hours a day, 7 days a week at or #877-382-2724 (877-DTA-BRCH).

  • Laura  Funk

    Laura is a member of the Constangy Cyber Team and brings more than a decade of experience ensuring clients are fully informed of their potential legal obligations under federal and state data breach notification statutes by ...

The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation. 


* indicates required
Back to Page