in HIPAA Headlines by John Brewer

2010 was a banner year for HIPAA breaches.

The CMS started keeping track on their website.

This is an interesting way to gather some data.

First, realize that only breaches of more than 500 patients get reported to the CMS.

Second, realize there are some (big) companies that are able to delay reporting through some legal wrangling. Health Net, an insurer, has been able to delay (for how long?) reporting their breach by “missing” server hard drives. The California Department of Managed Healthcare reports this breach affects 1.9 individuals.

But, since that is not reported, we won’t include their data in our stats.

There are just under 250 reported breaches on the website.

The breakdown is:

Theft: 135
Unauthorized access: 41
Loss: 35
Hacking: 13
Improper disposal: 11
Other: 1

Obviously theft is the largest culprit.

Next we look at a “device” breakdown:

Laptop: 64
Paper Record: 49
Portable Electronic dev: 35
Desktop Computer: 34
Server: 25
Other: 11
eMail: 6
Mailings: 3
Backup Tapes: 2
EMR: 2
Hard Drives: 2
CDs: 1

Interesting to note that paper records are #2.

I would lump portable electronic devices and laptops together, as they can both be dealt with in the same way.
Desktop computers are also interesting: they signal theft or improper disposal, yet they can be handled just like laptops.

The server breaches were mostly “hacking/unauthorized access”.

In future posts I’ll delve into how to protect your practice from these mistakes.

Keep this in mind: 500 patients is all you need in order to report your breach to the CMS and be on the not-so-flattering website.

How many patients are in your EHR?


One thought on “Over 8 Million Breaches and Counting”
  1. Lois Bame says:

    I would just like to ask a question if someone will or can answer for me. I volunteer at a site in Citrus County and we get involved with the clients that we deliver the meals to, and when we ask questions about the client, when they stop taking meals or just kind of disappear from our list, they tell us that they cannot tell us because of the HIPAA law. That we do not have the right to know. Thank you for any info you can give me.
