
Cost of a Breach, Proper Medical Record Disposal, and Delayed Breach Notifications

Posted on June 22, 2017 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Time for a quick roundup of HIPAA related tweets from around the Twittersphere. Check out these tweets and we’ll add in a bit of our commentary.


Matt’s correct that it’s not all avoidable, but at $380 per record that’s expensive. Breaches are expensive everywhere, but especially in healthcare. When you look at how insecure various industries are, my guess is that healthcare would be near the top of the list as well. That’s a problem.


I’m with Danika Brinda as well. I have no idea why this is still happening. Are people really that uneducated and naive when it comes to disposal of paper medical records? Hire a company with a great reputation if you’re not sure how to do it properly yourself.


Happens all the time. The fine for the delay is more than the damage of the breach itself. There should be no reason for organizations to delay in their efforts to notify patients of a breach. Doing so can be a very expensive prospect. Plus, it’s the right thing to do for the patients.

HIPAA Breach Statistics

Posted on September 3, 2015 | Written By John Lynn

I recently came across a great blog post by Danika Brinda on the TriPoint Healthcare Solutions blog that looked at the HIPAA Breach statistics. I guess Danika is a nerd like me and enjoys looking at the HIPAA breach statistics. Here are some of her high-level findings from the latest HHS reports:

  • A total of 1,293 Data Breaches have been reported since September 2009
  • Paper is still the #1 location (media type) of data breaches – 23% of total breaches involving greater than 500 individuals
  • Theft and Loss make up 59% of types of data breaches
  • Data hacking only makes up 10% of all data breaches where greater than 500 individuals were impacted
  • Business Associates are responsible for 22% of data breaches greater than 500 individuals

You can go check out her blog post for other findings and a number of charts using the data.

I think the stats above paint a very different picture than what most would expect. Many like to pretend that somehow breaches weren’t really an issue on paper. The stats above definitely say otherwise. I was also shocked that 59% of breaches were from theft or loss. Although, I wonder if more of those are reported, because it’s not as shameful to have something stolen from you as maybe some other violation which illustrates your negligence.

What wasn’t surprising to me was the increase in business associates that were responsible for the breach. I believe that number will continue to increase and increase dramatically. Many healthcare organizations don’t have a good grip on the HIPAA compliance of their business associates and I think they’re going to get blindsided by breaches.

What do you think of this data? Anything stand out to you?