HIPAA Summit West: 1 in 4 Organizations Report Data Breaches

Ali Pabrai said it best at last week's fifth national HIPAA Summit West at the Grand Hyatt in San Francisco. Pabrai, a data security expert, noted that 97% of chief information officers are concerned about data security.

"My question is, 'Who are these other three percent?'" Pabrai asked the hundreds of laughing attendees.

Pabrai, MSEE, CISSP (ISSMP, ISSAP), of ecfirst's HIPAA Academy in Newport Beach, CA, delivered a message that resonates with HIPAA privacy and security officers: Everyone, especially those charged with protecting the privacy of patient information, needs to be concerned about data security.

• 1 in 4: Organizations reporting a data breach (source: Pabrai)
• 250,000 to 500,000: Medical identity thefts (source: Pabrai)
•  330: Organizations reporting a breach of unsecured protected health information affecting 500 or more individuals since September 2009 (source: Office for Civil Rights, or OCR)
• 34,000: Number of reports of breaches submitted to OCR affecting fewer than 500 individuals (source: OCR)

From how and from where the 500-or-more breaches are coming:

How:

• Theft: 50%
• Unauthorized access disclosure: 20%
•  Loss: 16%
• Hacking/IT: 7%