
BREACH REPORT 2015: Protected Health Information (PHI)

The HITECH Act mandates that large breaches of protected health information (PHI) totaling 500 records or more must be reported on a timely basis to the Office of Civil Rights (OCR) under the Department of Health and Human Services (HHS). This breach notification requirement was implemented in two interim rules and then finalized in the HIPAA Omnibus Rule. As of December 31, 2015, a total of 1,437 large breaches of PHI affecting 154,368,781 patients had been reported since HITECH went into effect in 2009.



This is Redspin’s 6th annual Breach Report: Protected Health Information (PHI). At the conclusion of each year, we analyze the complete statistical data set of large breaches that have been reported to HHS. In the report, we assess the overall effectiveness of the current policies and controls designed to safeguard PHI. In the current year, we identify significant trends and draw attention to the specific areas most in need of improvement. We then offer Redspin’s recommendations for preventive measures and corrective actions to address any critical gaps or weaknesses. Our goal is to help the healthcare industry continually improve its ability to protect patient information. As always, we hope this year’s report makes an important contribution.