[ Thursday, September 08, 2011 ]
Almost 8 million records. Over 30,000 separate breaches. That's the current status of the breaches
that have been reported to HHS, according to HHS' report to Congress
required by HITECH.
Two things to remember about these breaches. First, almost all of them were breaches of fewer than 500 records; only about 250 out of over 30,000 breaches were "big" breaches. Second, almost all of these breaches were NOT violations of HIPAA. Look, sometimes a bad employee will do a bad thing; sometimes a good employee will give in to temptation; sometimes someone makes a mistake and throws out something that should be shredded; sometimes a flash drive gets lost; and sometimes someone breaks in and steals your laptop. Those are not HIPAA breaches. HIPAA doesn't require exact and perfect protection -- no law does. These numbers, while big, don't indicate damage from breaches (the vast, vast majority of these incidents resulted in no harm to the individuals). And they certainly don't indicate that HIPAA doesn't work.
Jeff [10:07 AM]
Blogger: HIPAA Blog - Edit your Template