HIPAA Regulatory Alert

Health care breach list tops 160

Insurance plans account for most records

Hospitals and provider networks lead the list of health care entities reporting breaches of unsecured protected health information (PHI), according to the Office for Civil Rights (OCR) breach notification website, which lists 166 entities as of Sept. 30.

Breaches that affect more than 500 individuals are included on the list, which includes the name of the entity, number of individuals affected, and date and type of breach as well as location of information that was breached.

According to a recent report by the Health Information Trust Alliance in Frisco, TX, hospitals and provider networks account for the greatest number of breaches, followed by physician practices. Insurance plans experienced the third highest number of breaches. However, due to the number of records at risk for each group, insurance plans' breaches affected the most individuals, with almost 3 million records breached.

To view the OCR breach website, go to www.hhs.gov/ocr, select "Health Information Privacy," then choose "HIPAA Administrative Simplification Statute and Rule" on the left navigation bar, select "Breach Notification Rule" on left bar, then choose "View Breaches Affecting 500 or More Individuals" on the bottom right corner of the page.