HIPAA Summit West: 1 in 4 Organizations Report Data Breaches

Dom Nicastro, September 27, 2011

Ali Pabrai said it best at last week's fifth national HIPAA Summit West at the Grand Hyatt in San Francisco. Pabrai, a data security expert, noted that 97% of chief information officers are concerned about data security.

"My question is, 'Who are these other three percent?'" Pabrai asked the hundreds of laughing attendees.

Pabrai, MSEE, CISSP (ISSMP, ISSAP), of ecfirst's HIPAA Academy in Newport Beach, CA, delivered a message that resonates with HIPAA privacy and security officers: Everyone, especially those charged with protecting the privacy of patient information, needs to be concerned about data security.

Numbers game
The numbers at the HIPAA Summit told the story:
  • 1 in 4: Organizations reporting a data breach (source: Pabrai)
  • 250,000 to 500,000: Medical identity thefts (source: Pabrai)
  •  330: Organizations reporting a breach of unsecured protected health information affecting 500 or more individuals since September 2009 (source: Office for Civil Rights, or OCR)
  • 34,000: Number of reports of breaches submitted to OCR affecting fewer than 500 individuals (source: OCR)

From how and from where the 500-or-more breaches are coming:


  • Theft: 50%
  • Unauthorized access disclosure: 20%
  •  Loss: 16%
  • Hacking/IT: 7%
Dom Nicastro Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.


Facebook icon
LinkedIn icon
Twitter icon