Redspin just released their annual report of protected health information breaches that occurred from late 2009 through the end of 2010. Over 200 breaches affecting 6,067,751 individuals have been recorded since August 2009 when the interim final breach notification regulation was issued as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act. However, this number only includes breaches that affected more than 500 individuals. The number of breaches that affected less than 500 individuals must also be reported to the Secretary of Health and Human Services annually but are not publicly available.
Selected findings from the report include:
- 43 states, plus DC and Puerto Rico have suffered at least one breach affecting more than 500 individuals.
- ~27,000 individuals, on average, are affected by a breach.
- 78% of all records breached are the result of 10 incidents, five of which are the result of theft including common storage media: desktop computer, network server, and portable devices.
- 61% of breaches are a result of malicious intent.
- ~66,000 individuals, on average, are affected by a single breach of portable media.
- 40% of records breached involve business associates.
Click here to download Redspin’s full report and learn how to best prevent a future breach.
For more information concerning the Breach Notification Rule and to review the original data set, please visit: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html