Health Care Client Update: Reported HIPAA Breaches Clear 500th Case Mark
As required by the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), the Department of Health and Human Services (“HHS”) maintains a public list of unsecured electronic Protected Health Information (“PHI”) breaches affecting 500 or more individuals. As of January 1, 2013, the HHS list identifies over 500 breaches. The HHS list also publishes the names of the providers who have reported the breaches and summaries of the breach cases investigated by the government.
The Ponemon Institute estimates that the economic impact of only one data breach is about $537,186. Nearly half of reported breaches are attributed to the theft or loss of a mobile device and therefore, HHS has recently launched a website focusing on mobile device security (healthit.gov).
Further, as demonstrated by a recent settlement agreement between the HHS and Hospice of North Idaho, it is noteworthy that even though the published HHS list does not include breaches affecting less than 500 individuals, the government will continue to pursue HIPAA violations affecting less than 500 individuals.
For more information on complying with patient privacy regulations and recent enforcement actions, see Attorney Sadaly’s article on compliance with HIPAA and the HITECH Act.
If you have questions or concerns about complying with HIPAA and the HITECH Act, you can contact us at 814-459-2800.
Legal Advice Disclaimer: The content of this website is provided for general information purposes only. It should not be used as a substitute for consulting an attorney for legal advice regarding the reader's own affairs. Knox McLaughlin Gornall & Sennett, P.C. is not responsible for the content provided on any third-party website which may be accessed via links provided by this site.