In 2016, the Office of Civil Rights at Health and Human Services is expected to conduct HIPAA Phase 2 audits at about 350 Covered Entities. They will check to see that a robust security policy is in place. For more details, see our post about these audits.
The U.S. Department of Health and Human Services, Office of Civil Rights, maintains a database of data breaches of protected health information affecting 500 or more individuals. The table we provided on this page is a summary of a search of the database for breach records pulled for 2015 as of December 28, 2015. It is often the case that HHS will post additional breach reports for previous years as the information comes available, so the number of breaches and affected individuals may rise.
| Type of Reported Breach Jan 1, 2015 - Dec 28, 2015 |
Individuals Affected | Covered Entities Impacted |
| Hacking/IT Incident | 111,803,342 | 56 |
| Improper Disposal | 76,226 | 5 |
| Loss | 47,214 | 22 |
| Theft | 702,288 | 74 |
| Unauthorized Access/Disclosure | 570,017 | 96 |
| Grand Total | 113,199,087 | 254 |
You can search the database yourself at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf. The organizations that make up the 22 "losses" that caused potential data breaches are listed here:
| Name of Covered Entity | State |
| New Dimension Group, LLC | NC |
| Dean Health Plan | WI |
| Children's Hospital Medical Center of Akron | OH |
| Cancer Care Northwest | WA |
| Lawrence General Hospital | MA |
| Sioux Falls VA Health Care System | SD |
| The McLean Hospital Corporation | MA |
| OhioHealth | OH |
| Maricopa Special Health Care District - Maricopa Integrated Health System | AZ |
| Amsterdam Nursing Home Corporation (1992) | NY |
| Ventura County Health Care Agency | CA |
| Walgreen Co. | IL |
| Clinical Reference Laboratory, Inc. | KS |
| CompuNet Clinical Laboratories | OH |
| New York State Office of Mental Health Nathan S. Kline Institute for Psychiatric Research | NY |
| Pediatric Associates | FL |
| Life Care Center of Attleboro | MA |
| Community Health Network | IN |
| Valley COmmunity Healthcare | CA |
| Clinical Reference Laboratory, Inc. | KS |
| Haywood County NC | NC |
| Tomas, Arturo | IL |
Cascade also maintains a list of data breaches related to poorly managed IT Asset Disposition programs. If you want justification for managing a comprehensive and effective data destruction program, use this information to support your position.
Copyright © 2018. Designed by: Cascade Asset Management. All Rights Reserved. See our Terms.