More than 1,000 medical record breaches involving 500 or more people have been reported to HHS since federal reporting requirements took effect nearly five years ago, according to HHS,Modern Healthcare's "Vital Signs" reports (Conn, "Vital Signs,"Modern Healthcare, 6/13).
HHS has been tracking data breaches since September 2009, when the HIPAA breach notification rule went into effect. The agency reports health information breaches affecting more than 500 individuals on its "wall of shame" website (iHealthBeat, 4/1).
Since 2009, HHS has received:
In total, large health data breaches reported by health care providers and their business associates have affected the medical records of about one in 10 U.S. residents, or 31.7 million people.
Meanwhile, more than 32,600 HIPAA complaint cases have been investigated, with more than 22,500 of them closing with corrective action, according to HHS Office for Civil Rights spokesperson Rachel Seeger ("Vital Signs," Modern Healthcare, 6/13)
Privacy Penalties on the Rise
In related news, HHS Chief Regional Civil Rights Counsel Jerome Meites at an American Bar Association Conference last week said he expects penalties under HIPAA to increase drastically in the next year, The Hill reports.
Since June 2013, HHS has received more than $10 million for HIPAA violations, according toLaw360. However, Meites said, "I suspect that that number will be low compared [with] what's coming up" (Viebeck, The Hill, 6/13).
Many EMR and EHR services are cloud based, and dependent upon internet connectivity. Despite HIPAA we can expect breaches from otherwise secure sites. It is important to notify patients when breaches occur.