OCR Patient Data Breach List Hits Milestone

Dom Nicastro, January 24, 2011

The number of entities reporting breaches of unsecured protected health information (PHI) affecting 500 or more individuals has hit 225. The web site was born out of HITECH and has been live since February 2010.

OCR says the breach reports date back to September 2009. Hence, it's been about 17 months since OCR has accepted the reports. It amounts to about 13 reports filed per month, or 0.44 per day.

The OCR breach notification website also reports the following numbers:
  • 10 -- Number of reports affecting more than 100,000 individuals, or 4.4 percent of the total number of breaches.
  • 4 – Number of reports affecting between 50,000 and 99,999 individuals
  • 6 – Number of reports affecting between 25,000 and 49,999 individuals
  • 27 – Number of reports affecting between 10,000 and 24,999 individuals
  • 61 – Number of reports that involve a laptop, or 27.1 percent.

HITECH’s breach notification interim final rule is still in effect. OCR has been close to signing off on a final rule before it pulled it out of the hands of the Office of Management and Budget (OMB) for further review.

Dom Nicastro Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
Facebook icon
LinkedIn icon
Twitter icon