Healthcare Business News
 

More than 30,000 health-records breaches since 2009: HHS


By Joseph Conn
Posted: September 7, 2011 - 12:01 am ET

The medical records of about 7.9 million people have been exposed in more than 30,750 healthcare-related security breaches since breach notification requirements took effect two years ago, according to a report by the HHS secretary and the Office for Civil Rights at HHS.


The vast majority of the breaches—more than 30,500 of them—were relatively small-scale mishaps that involved fewer than 500 records each and collectively accounted for the unauthorized disclosure of the records of roughly 62,000 individuals, according to the report to Congress (PDF).

During the same reporting period, however, the Office for Civil Rights received word of 252 large-scale breaches that involved more than 500 records each. These big breaches included some whoppers that involved the exposure of upward of 1 million records. In total, they accounted for the medical records of 7.8 million individuals being compromised, according to the report. The new breach notification requirements—pertaining to breaches by healthcare providers, health plans and their business associates—were contained in the American Recovery and Reinvestment Act of 2009 and took effect in September of that year.

Under the stimulus law, which tightened and added new privacy and security measures to the Health Insurance Portability and Accountability Act of 1996, providers and other HIPAA-defined "covered entities" were required to report breaches to the Office for Civil Rights. The breaches of fewer than 500 records had to be reported to the office annually. The larger breaches, involving 500 or more records, had to be reported promptly. Details of these larger breaches are publicly posted on the OCR's "wall of shame" website.

The HHS secretary must, under the stimulus law, report to Congress about the breaches, as well as about compliance with privacy and security rules and enforcement actions taken by the agency, which has enforcement responsibilities for privacy and security under HIPAA. The law required HHS to make its first report to Congress within one year of enactment and annually thereafter. This was HHS' first report under that law, however.

