2014 HIPAA Privacy and Security Breach Report

The healthcare industry suffered a number of large scale data breaches in 2014, with Community Health Systems the hardest hit after hackers stole 4.5 million patient health records.

2014 HIPAA Privacy and Security Breaches Increase by 138%

In 2014, HIPAA privacy and security breaches hit record highs with millions of patient health records exposed. Since 2012, security breaches have increased by 138% and the trend has continued into 2015.

Colossal data breaches have already been reported by Anthem and Premera Health, which exposed 78.8 million and 11 million health plan member records respectively and that was before February had come to an end.

The healthcare IT security focus has now shifted from compliance with HIPAA regulations to the prevention of data breaches according to a survey of healthcare IT professionals at HIMSS 2015 due to the staggering cost of data breaches.

However, the data from last year suggests that hacking accounted for a relatively small proportion of the data breaches reported in 2014. When these incidents do occur, as we have seen over the course of the past few months, huge quantities of data can be stolen.

Majority of HIPAA Breaches Involve Laptop Computers or Paper Records

Portable electronic devices are incredibly convenient tools for accessing PHI but their portability also means they can easily be lost or stolen. Without data encryption, any loss or theft is automatically a HIPAA breach. Encrypting portable devices containing PHI could cut the number of reported breaches by half. HIPAA rules also apply to paper records, and accidental disclosures, mailings and improper disposal accounted for over a fifth of breaches reported during the year.

The major HIPAA breaches of privacy and security have been summarized in the infographic below:



Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.