Cascade Asset Management

In 2016, the Office of Civil Rights at Health and Human Services is expected to conduct HIPAA Phase 2 audits at about 350 Covered Entities. They will check to see that a robust security policy is in place. For more details, see our post about these audits.

The U.S. Department of Health and Human Services, Office for Civil Rights, maintains a database of data breaches of protected health information affecting 500 or more individuals. The table we provided on this page is a summary of a search of the database for breach records pulled for 2015 as of January 14, 2017. It is often the case that HHS will post additional breach reports for previous years as the information comes available, so the number of breaches and affected individuals may rise.

Type of Reported Breach Jan 1, 2016 - Dec 31, 2016, reported as of 1/14/17	Individuals Affected	Covered Entities Impacted
Hacking/IT Incident	12,521,559	90
Improper Disposal	2,000	1
Loss	63,471	10
Theft	823,551	39
Unauthorized Access/Disclosure	1,057,414	47
Grand Total	14,467,995	187

You can search the database yourself at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf. The organizations that make up the 11 "losses" or "improper disposal" that caused potential data breaches are listed here:

Name of Covered Entity	State
Linda J White, DDS, PC	VA
Aetna Inc.	CT
OptumHealth New Mexico	MN
Briar Hill Management	MS
MGA Home Healthcare Colorado, Inc.	AZ
The Outer Banks Hospital	NC
Edwin Shaw Rehabilitation	OH
W. Christopher Bryant DDS PC	MI
Karmanos Cancer Center	MI
Grx Holdings, LLC dba Medicap Pharmacy	IA
New West Health Services d/b/a New West Medicare	MT

Cascade also maintains a list of data breaches related to poorly managed IT Asset Disposition programs. If you want justification for managing a comprehensive and effective data destruction program, use this information to support your position.

Reported data breaches - 2016, HHS