HHS Department Reports Breach Statistics For Past Two Years

The U.S. Department of Health and Human Services Office of Civil Rights received reports of more than 200 security breaches that affected 500 or more individuals during 2009 and 2010, according to data released last week.

In its mandated report to Congress on breach reports (PDF), HHS said 99 of the 207 incidents involved theft of paper records or electronic media, together affecting approximately 2,979,121 individuals.

The report on breaches in 2010 describes five general causes of incidents: theft; loss of electronic media or paper records containing protected health information; unauthorized access to, use, or disclosure of protected health information; human error; and improper disposal.

In 2010, the number of individuals affected by the loss of electronic media or paper records was greater than those affected by unauthorized access or human error, the report says. Theft was the most common reported cause of large breaches.

HHS said it received approximately 5,521 reports of smaller breaches (those affecting less than 500 people) in 2009, which in total affected approximately 12,000 individuals. HHS received more than 25,000 reports of smaller breaches that occurred in 2010, affecting more than 50,000 individuals.

The majority of small breach reports involved misdirected communications and affected just one individual each. Often, a clinical or claims record of one individual was mistakenly mailed or faxed to another individual, the report says.

The report also describes the steps that HHS is taking to remediate the security issues, including greater adoption of encryption and better physical security.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.