Health Information Management

Large patient information breaches skyrocket

HIM-HIPAA Insider, April 26, 2010

The number of entities reporting breaches of unsecured PHI affecting 500 or more individuals has more than doubled since February.

In February, the Office for Civil Rights (OCR), which enforces the HIPAA privacy and security rules, reported that 32 entities had reported egregious breaches since September 22, 2009. As of Friday, April 23, that number had climbed to 69.

HITECH requires OCR to make public any breaches affecting 500 or more individuals. OCR will continue to update the page as it receives new reports of breaches of unsecured PHI.

The requirement is included in the interim final rule on breach notification, which became effective on September 23, 2009.

Most Popular