Top 10 HIPAA Breaches of 2012
HealthcareIT News recently published the top 10 HIPAA breaches of 2012. There are several things about this list that are striking:
1. The total number of records involved in the top 10 breaches was around 2 million records.
2. The organizations spanned the entire spectrum of healthcare, from hospitals, home healthcare, healthcare transportation, healthcare consulting and even two state Medigov agencies. (Can the federal government sue state agencies for HIPAA violations?)
3. The single most common cause (6 out of 10 cases) involved lost or stolen laptops.
4. An HHS employee e-mailing nearly a quarter million patient records using an unencrypted e-mail system accounted for another of the breaches.
5. Even though outside hacking is typically thought of as the greatest risk, that was the root cause in only 1 of the 10 events.
6. Inappropriate internal access (access by individuals who had no valid business or clinical reason) accounted for 1 of the events.
7. Loss of backup tapes was the cause of the last remaining breach.
That was all way back in 2012. Surely by now everyone has figured out HIPAA and has fixed all the issues, right?
See full description of all 10 here: http://www.healthcareitnews.com/news/10-largest-hipaa-breaches-2012