HIPAA Data Breaches on the Rise

A data breach occurs when secure information is intentionally or unintentionally released into an untrusted environment. In the healthcare space, data breaches are especially problematic. The amount of sensitive information we entrust to hospitals, clinics, labs, payers and providers is staggering. HIPAA data breaches, in particular, are rising.

In our research for the infographic, HIPAA Breaches 2009-2015, we reviewed data from the Office of Civil Rights. They maintain a huge portal available for public consumption. Viewers can sort through the data by date, type of breach, location of breach, and more. Anyone can also export this data to review more thoroughly.

The numbers are startling. At the time of publication, there were over 1286 reported incidents affecting 153 million individuals. The largest breach was earlier this year from Anthem Insurance, which reported over 78 million records breached. According to the Guide to the De-identification of Personal Health Information, the cost incurred for a breach (including notification, legal fines, legal fees, forensics, PR and more) is approximately $208 per person. The average data breach was over 100 thousand records and cost $24 million. We learned that the highest numbers of individual records breached were in Indiana, California and Washington State.

When we look at the types of breaches, an uncomfortable picture emerges. Theft is the number one type of breach, followed by unauthorized access or disclosure. Hacking, loss, improper disposal and “other” round out the list.

To protect PHI, especially in the event of a breach, the protections placed on data must be rigorous. As organizations start to share PHI more frequently, there should be stronger controls in place to ensure that if there are data leaks, individuals will not be re-identified. Risk-based de-identification offers much greater protection for organizations and individuals because it measures the amount of risk contained in the data. Releasing data without measuring the risk it contains ultimately increases the chances that the number of HIPAA breaches will rise.

HIPAA Breaches 2009-2015
