One in 10 Americans has been affected by a large health data breach

HHS lawyer predicts spike in HIPAA fines

More than 1,000 medical record breaches involving 500 or more people have been reported to HHS since federal reporting requirements took effect nearly five years ago.

HIPAA: How the law has evolved—and what's in store

HHS has been tracking data breaches since September 2009, when the HIPAA breach notification rule went into effect. The agency reports health information breaches affecting more than 500 individuals on its "wall of shame" website.

Since 2009, HHS has received 1,026 reports of breaches involving 500 or more individuals and more than 116,000 breach reports involving records of fewer than 500 individuals through March 1, 2013.

In total, large health data breaches reported by health care providers and their business associates have affected the medical records of about one in 10 U.S. residents, or 31.7 million people. 


Meanwhile, more than 32,600 HIPAA complaint cases have been investigated, with more than 22,500 of them closing with corrective action, according to HHS Office for Civil Rights spokesperson Rachel Seeger.

Coming up: Expect more HIPAA penalties

In related news, HHS Chief Regional Civil Rights Counsel Jerome Meites at an American Bar Association conference last week said he expects penalties under HIPAA to increase drastically in the next year.

Experts: Stolen patient data is most lucrative form of identity theft

Since June 2013, HHS has received more than $10 million for HIPAA violations, according to Law360. However, Meites says he expects that number to be "low compared [with] what's coming up" (Conn, "Vital Signs," Modern Healthcare, 6/13; Viebeck, The Hill, 6/13).

Hear from our experts

Ernie Hood, Senior Research Director

Data breaches are pretty much (or just about) inevitable; what hospitals are failing to do is prepare for them. We know from studies that the top indicator of how bad the consequences of a breach will be is how quickly and effectively an organization reacts to it. But hospitals are not spending the time needed to prepare for a breach in advance.


Next in the Daily Briefing

To save her vocal cords, patient sings through surgery

Read now