HIPAA Regulatory Alert: Breaches affect more than 21 million

The importance of encryption is emphasized with most of the recent major breaches added to the Department of Health and Human Services’ (HHS’) list of breaches. Seven of the breaches involved laptops, while the other two involved paper records.

Other recent breaches were caused by a hacking incident and unauthorized access. The largest number of individuals affected by a single breach was 109,000. The incident involved Crescent Healthcare, a Walgreens company that provides pharmacy and nursing solutions. Theft of a desktop computer resulted in the breach.

The HHS list includes 556 breaches affecting 21.7 million individuals. More than half of the breaches are related to lost or stolen unencrypted computers or mobile devices. The list contains breaches that affect 500 or more individuals and tracks incidents that have occurred since September 2009 when the breach notification rule came into effect.

For a complete list of breaches, go to http://www.hhs.gov/ocr/office/index.html. Select “Health Information Privacy” on top navigation bar, then select “HIPAA Administrative Simplification Statute and Rules.” On the left navigation bar, choose “Breach Notification Rule,” and then on the right side of the page, under “View Breaches Affecting 500 or More Individuals,” select “View a list of these breaches.”