HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HIPAA Breach Report: January 2014

January 2014 HIPAA Breach Summary:

The HIPAA Breach Notification Rule demands that Healthcare providers, health plans healthcare clearing houses and BAs report data breaches involving more than 500 individuals to the Office for Civil Rights of the HHS within sixty days of the discovery of the breach.

This report contains a summary of the breaches which have been reported to the OCR during the month of .January, 2014

Major HIPAA Breaches in January 2014

After two relatively quiet months, January saw a high volume of data breaches, including two massive data breaches that exposed hundreds of thousands of patient records. The theft of a laptop computer from Horizon Healthcare Services, Inc. (As Horizon Blue Cross Blue Shield of New Jersey) resulted in 839,711 potentially being exposed, while a network server incident at Triple-C, Inc. (PR) was reported to the OCR as exposing 398,000 and 8,000 patient-records.

The large breach at the North Carolina Department of Health and Human Services (NC) appears small by comparison, although the unauthorized disclosure affected 48,752 individuals. Another health plan, Virginia Premier Health Plan (VPHP) (VA) also registered a breach – involving 25,513 paper records and Cook County Health & Hospitals System (IL) registered an email-related HIPAA breach involving 22,511 patient records.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Data encryption would have saved Network Pharmacy Knoxville (TN) from having to send 9,602 breach notification letters, had it of been installed on the company’s laptops.

Similarly, the loss of an unencrypted portable storage device resulted in Business Associate, The University of Wisconsin-Madison School of Pharmacy (WI), potentially exposing 41,437 patient records.

Summary of Reported Breaches

In January, 2014, a total of 1,440,600 individuals were affected in 27 data/HIPAA/HIPAA data breaches that were reported to the OCR through its breach report portal. This represents approximately 7 times the volumes of victims as were recorded last month and approximately the same volume of records was compromised this month, as were exposed in Q4 of 2013.

Breach Type

The theft of healthcare laptops was the main cause of HIPAA breaches in January. These incidents could have been avoided had data encryption been used. The unauthorized disclosure of PHI resulted in 6 HIPAA breaches in January.


Breaches by Covered Entity

January saw more than twice as many Business Associates hit by HIPAA breaches as last month, and almost as many breaches as they caused in all of Q4, 2013. Healthcare providers were the worst affected, registering 14 breaches. Healthcare clearing houses avoided any breaches, while insurers reported two incidents, including a 48,752-record breach by the North Carolina Department of Health and Human Services.


Location of Breached Information



 View Breach Report for December, 2013

Data Source:

HHS OCR Breach Portal: ttps://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=9BF4AF4A0922D09B6E1CF5DAE375E0D0.ajp13w

*Data does not include HIPAA breaches reported to the OCR after the 60-day reporting deadline, as demanded by the Breach Notification Rule. Any errors made by CEs during the submission of HIPAA breach reports via the online portal will be reflected in this breach summary. Figures are deemed to be correct at the time of publishing, although covered entities are permitted to update breach reports after the 60 day deadline as further information becomes available.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.