HIPAA Breach Statistics

Posted on September 3, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I recently came across a great blog post by Danika Brinda on the TriPoint Healthcare Solutions blog that looked at the HIPAA Breach statistics. I guess Danika is a nerd like me and enjoys looking at the HIPAA breach statistics. Here’s some of her high level findings from the latest HHS reports:

  • A total of 1,293 Data Breaches have been reported since September 2009
  • Paper is still the #1 location (media type) of data breaches – 23% of total breaches involving greater than 500 individuals
  • Theft and Loss make up 59% of types of data breaches
  • Data hacking only makes up 10% of all data breaches where greater than 500 individuals were impacted
  • Business Associates are responsible for 22% of data breaches greater than 500 individuals

You can go check out her blog post for other findings and a number of charts using the data.

I think the stats above paint a very different picture than what most would expect. Many like to pretend that somehow breaches weren’t really an issue on paper. The stats above definitely say otherwise. I was also shocked that 59% of breaches were from theft of loss. Although, I wonder if more of those are reported, because it’s not as shameful to have something stolen from you as maybe some other violation which illustrates your negligence.

What wasn’t surprising to me was the increase in business associates that were responsible for the breach. I believe that number will continue to increase and increase dramatically. Many healthcare organizations don’t have a good grip on the HIPAA compliance of their business associates and I think they’re going to get blind sided by breaches.

What do you think of this data? Anything stand out to you?