HealthBlawg

David Harlow's Health Care Law Blog


Data Breach Analysis 2009-2012 – HITECH Experience Reviewed by HITRUST

December 7, 2012

In the first three years that the HITECH data breach notification rules have been in effect (September 2009 – September 2012), almost 500 breaches each affecting more than 500 individuals have been reported. As of this spring, over 57,000 data breaches affecting fewer than 500 individuals have been reported.

HITRUST Analysis of U.S. Healthcare Breach Data (infographic) (report)
Courtesy of HITRUST (Health IT Trust Alliance)

The key takeaways:

  • Most data breaches are accounted for by theft or loss (2/3 of breaches, over 4/5 of breached records); the balance are accounted for by unauthorized access or disclosure, incorrect mailing, hacking and improper disposal 
  • Hacks are on the rise, and given the likely underreporting of all breaches and the ease with which theft and loss of devices and records are detected, chances are that security improvement efforts are not being targeted appropriately
  • The weak links in most data breaches are laptops, paper records and mobile media (3/4 of breaches, 2/3 of records); the balance are from desktop computers, network servers and system applications
  • The trend in number of data breaches over time is encouraging, but there have been upticks in late 2011 and early 2012 
  • Hospitals, health plans and business associates are getting better at securing their data over time; physician practices are getting a little worse, particularly smaller practices, which, since they are often linked to community hospital EHRs, expose the hospitals as well
  • Government sector breaches account for a large percentage of the whole (check out the OIG report on CMS data breaches under HITECH for a glimpse of one sliver of this problem)

The full report is worth reading.  Also: see more from HealthBlawg on HIPAA, HITECH and data breaches.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting
 

Filed Under: Compliance, EHR, Health care policy, Health Insurance, Health Law, HIPAA, Hospitals, Physicians, Privacy, Security

Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.