Nearly 21 million individuals have had their medical records compromised in breaches large enough to require public reporting to the Office for Civil Rights at HHS.
Since September 2009, there have been 477 breaches reported to the Office for Civil Rights affecting 500 or more people, according to a publicly viewable list on the office's website.
The breach notification and reporting mandate was part of more stringent privacy and security provisions of the American Recovery and Reinvestment Act of 2009.
Tens of thousands of breaches that involve fewer than 500 records have also been reported, according to the Office for Civil Rights, but details of these lesser breaches are not required to be posted to the website.
Six healthcare organizations have suffered breaches compromising 1 million records or more.