• E-mail
• Print
• RSS

Large data breaches double since July

HIPAA Weekly Advisor, December 6, 2010

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Almost 200 entities have reported breaches of unsecured protected health information (PHI) affecting 500 or more individuals.

As of December 2, 197 entities had reported breaches to the government’s HIPAA privacy and security enforcer. The number of entities listed on the Office for Civil Rights (OCR) breach notification website has almost doubled since July, when the number reached 107.

In the past five months, 90 new breach reports have surfaced, or an average of 18 per month, a higher pace than the 15-per-month during the first five months after OCR launched the website.

The list is required by HITECH, the American Recovery and Reinvestment Act of 2009 privacy subpart that includes greater breach notification requirements, more public scrutiny, and increased fines for HIPAA violations.The reporting requirement is included in the interim final rule on breach notification, which became effective on September 23, 2009.

The December 10, 2009 breach at AvMed, Inc. of Florida affected 1.22 million individuals, making it the largest breach.

Laptops remain the number one location of breached information on the list, accounting for 55 of the 197 reports (27.9%). Paper records (41 reports), desktop computers (32), and portable electronic devices (29) follow.

Read more on HIPAA Update blog.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive