HHS: Data Breaches Affect 1 In 10

By Katie Wike, contributing writer

Large health data breaches have affected more than 37 million U.S. residents since September 2009.

Since September 2009, HHS has been publishing information online regarding breaches which involved more than 500 individuals’ records. This was originally part of HIPAA’s breach notification rule.

iHealth Beat reports that since then a total of 1,026 breaches have been reported involving records of 500 individuals or more, and more than 116,000 reports of breaches involving less than 500 individuals have been reported.

These breaches are said to have involved the loss or theft of more than 37.1 million US residents’ records. That works out to roughly 1 in 10 Americans who have been affected by big data breaches.

Office of Civil Rights spokeswoman Rachel Seeger says, although they have been taking more action against breaches in the past 12 months, the goal in the overwhelming majority of cases is compliance. “If you take a look at the reports to Congress, which we posted this week, we have investigated over 32,600 (HIPAA complaint) cases (and) over 22,500 of them have closed with corrective action,” Seeger said, according to Modern Healthcare.

“The majority of these cases are closed with corrective actions that don't result in these monetary settlements,” she explains, but also qualifies that they do “have these 21 cases that have closed with a monetary settlement,” Seeger said. Settlement amounts for these 21 cases total $25.1 million.

The most public recent breach happened at New York Presbyterian and Columbia University, where a breach of nearly 7,000 patient records were compromised. Just that breach alone led to a $4.8 million payout.