Healthcare News & Insights

OCR: 21 million patients have had protected health information breached

Federal law requires organizations to report breaches of protected health information affecting at least 500 patients. In addition to HIPAA penalties, providers also face a public shaming after those incidents. 

The U.S. Department of Health and Human Services’ Office of Civil Rights (OCR) keeps an updated list of healthcare data breaches on its website. The so-called “Wall of Shame” includes details about 477 breaches of protected health information that have been reported to the agency since September 2009. That’s when the HITECH Act, which mandates the reporting of breaches affecting 500 or more individuals, went into effect.

In total, 20,970,222 health records have been compromised by those breaches, OCR says. The incidents range from several that affected 500 people or slightly more to six in which more than a million records were compromised.

How were most of those records breached? More than half (54%) involved the theft of protected health information, either in paper form or on an electronic device. Often, that involved the theft of a laptop, smartphone or tablet that held medical records. Many of those devices are stolen from organizations’ premises, or when doctors or staff members take devices home with them.

Other breaches were caused by:

  • Unauthorized access or disclosure (20%)
  • Lost paper records or electronic devices (11%)
  • Improper disposal of records (5%), and
  • Unknown causes (4%).

Many of the breaches listed involve laptop computers or other portable electronic devices, including one incident at AvMed, Inc., in which the protected health information of 1.2 million people was compromised after a laptop theft.

Lost or stolen portable devices are becoming a big security threat for healthcare organizations as more work is being done on mobile gadgets — and especially as more doctors start using tablets and other devices to view electronic health records.

For help minimizing the risk, read our earlier post on keeping portable devices secure.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.