New HHS Report Details 2011 & 2012 Breach Trends

On June 18, 2014, the US Department of Health and Human Services (HHS) released its Annual Report to Congress detailing breaches of unsecured protected health information (PHI) occuring in 2011 and 2012, a report required by the Health Information Technology and Clinical Health (HITECH) Act. Between 2011 and 2012, HHS received 458 reports of data breaches affecting more than 500 individuals; in total, approximately 14.69 million individuals were affected. Theft was the most common cause of data breaches during the relevant years, and breaches occured predominately (68% of the time) at healthcare providers. 25% of data breaches occured at business associates, and 7% occured at health plans. The Office of Civil Rights opened investigations into all 458 reported breaches, and as of the date of the report, had entered into agreements for $8 million in settlements. To read the full report, click here.