Although the number of large-scale health data breaches increased from 2011 to 2012, the number of patients affected by such breaches decreased last year, according to a report from audit firm Redspin, FierceHealthIT reports (Bowman, FierceHealthIT, 2/13).
For the report, Redspin examined 538 breach incidents that affected more than 21.4 million individuals since August 2009, when the breach notification rule under the HITECH Act took effect (Redspin release, 2/13).
Main Findings
The report found that the number of health data breaches affecting 500 or more individuals increased from 121 in 2011 to 146 in 2012. However, the number of patient records affected by such breaches decreased from 10.6 million in 2011 to 2.4 million in 2012, according to the report.
The report also found that:
- About 57% of the more than 21 million patient records affected by large-scale breaches were linked to business associates; and
- 38% of all protected health data breaches occurred on a laptop or other portable device in 2012, down slightly from 39% in 2011.
Implications
The report's authors said, "We believe the privacy and security safeguards envisioned in the HITECH Act implemented and enforced by [the HHS Office for Civil Rights], and recently codified in the HIPAA Omnibus Rule, are having a positive impact."
The authors added that they expect the trend of data breaches on laptops and other portable devices to continue because more health care providers are using such devices both at work and at home (FierceHealthIT, 2/13).