The reported breaches break down as such:
- 2,914: Unintentional breach to person outside facility/healthcare system. Example: A patient's prescription is faxed to the wrong number and ends up in a lawyer's office instead of the corner pharmacy.
- 559: Unintentional breach by healthcare worker within the facility/healthcare system. Example: A nurse faxes a patient record to cardiology instead of radiology.
- 147: Malicious breach by healthcare worker. A healthcare worker looks at the medical record of a patient without any medical reason to do so.
- 125: Breach of computer system theft, loss of electronic device/ medical records. Example: A hospital laptop is stolen from an employee's personal car.
- 21: Malicious breach by person other than a healthcare worker. Example: Someone visiting the hospital sees a medical file on a desk and decides to pick it up and start reading.
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.