OCR: Health records of over 7 percent of U.S. population breached in past 3 years

Health records of over seven percent of the U.S. population – almost 21 million individuals – have been breached in the past three years, according to OCR.  Although it may be somewhat of an apples-to-oranges comparison, it is worth noting that outside the health care arena it is not uncommon for this number of records, and several times this number of records, to be breached in a single incident, in this new era of vanishing personal privacy.  The 2012 theft from Amazon/Zappos online shoe retailer of 24 million customer records may be the most recent of the large-scale data breaches, but it is dwarfed by other breaches in recent years including, notably, the 2009 Heartland Payment Systems incident in which 134 million records were compromised.  According to the OCR, the 21 million number represents just those records compromised in breaches over a certain threshold and does not include smaller scale breaches. 

Via Modern Healthcare:

Since September 2009, there have been 477 breaches reported to the Office for Civil Rights affecting 500 or more people, according to a publicly viewable list on the office's website.

 

The breach notification and reporting mandate was part of more stringent privacy and security provisions of the American Recovery and Reinvestment Act of 2009.

Tens of thousands of breaches that involve fewer than 500 records have also been reported, according to the Office for Civil Rights, but details of these lesser breaches are not required to be posted to the website.

Six healthcare organizations have suffered breaches compromising 1 million records or more.

The list is topped by an incident last September involving the loss of 4.9 million records by an employee of Science Applications International Corp. He reported to police that some backup tapes carrying data on the medical treatment of military personnel kept by the Tricare Management Activity were stolen from his car in Austin, Texas.

Loss of data by a vendor is nothing unusual. In 100 of these larger breach incidents—roughly 21%—a business associate of a "covered entity" as defined under the Health Insurance Portability and Accountability Act of 1996, also was affected in the breach, Office for Civil Rights data show.

In total, the records of 20,970,222 individuals have been potentially exposed in these major breaches thus far.

The median size of a breach on the list involves the records of 2,184 people; the average is 43,963.

Theft is the most commonly reported breach type (54%), followed by unauthorized access or disclosure (20%), loss (11%), hacking (6%), improper disposal (5%) and other/unknown (4%).

Large medical-records breaches affect nearly 21 million: OCRModern Healthcare (August 1, 2012)

Privacy Policy

The publishing lawyer and law firm values the privacy of its clients and Web/blog site viewers. Any of the following personal information that may be made available to the lawyer or firm when browsing or navigating the site shall be kept confidential:

  • First and last name
  • Company, home, postal or other physical address
  • Other contact information, for example, telephone number, fax number, email address, and other similar information
  • Title or position in a company or an organization
  • Occupation
  • Industry
  • Personal interests
  • Any other information needed to provide a service you requested

Examples of scenarios where our visitors provide their personal information include, but may not be limited, to:

  • Emailing, calling or communicating with the lawyer or law firm.
  • Posting a question or comment through the site.
  • Requesting literature.
  • Registering to attend a seminar or any event.
  • Participating in an online survey.
  • Requesting inclusion in an email or other mailing list.
  • Submitting an entry for a contest or other promotions.
  • Logging in to the site, thus requiring a user name and/or a password.
  • Any other business-related reason.

The lawyer or law firm provides you the opportunity to agree or decline to give your personal information via the Internet. The lawyer or firm will inform you of the purpose for the collection and does not intend to transfer your personal information to third parties without your consent, except under the limited conditions described under the discussion entitled “Information Sharing and Disclosure” below. If you choose to provide us with your personal information, we may transfer that information, within the law firm or to a third party service provider as necessary.

Domain Information Collection

The lawyer or firm may collect domain information to enable us to analyze how our visitors use this site. This data enables us to become more familiar with which people visit our site, how often they visit, and what parts of the site they visit most often. The lawyer or firm uses this information to improve its Web-based offerings. This information is collected automatically and requires no action on your part.

Use of Cookies and Tracking User Traffic

Some pages on this site may use “cookies”—small files that the site places on your hard drive for identification purposes. A cookie file can contain information such as a user ID to track the pages visited, but the only personal information a cookie can contain is information you supply yourself. These files are used for site registration and customization the next time you visit us.

Some parts of the site may also use cookies to track user traffic patterns. The lawyer or firm does this in order to determine the usefulness of our Web site information to our users and to see how effective our navigational structure is in helping users reach that information. Please note that cookies cannot read data off of your hard drive. Your Web browser may allow you to be notified when you are receiving a cookie, giving you the choice to accept it or not. If you prefer not to receive cookies while browsing our Web site, you can set your browser to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You can also refuse all cookies by turning them off in your browser, By not accepting cookies, some pages may not fully function and you may not be able to access certain information on this site.

Information Sharing and Disclosure

Your personal information is never shared outside the lawyer or firm without your permission, except under conditions listed below:

  • Consenting to share your information to a third party service provider working on our behalf to serve you.
  • Requiring us to provide you with a product or service.

The lawyer or firm will also disclose your personal information, if required to do so by law, or in urgent circumstances, to protect personal safety, the public or our sites.

Internet Security

The lawyer or firm strives to protect your personal information; however, we urge you to take every precaution to protect your personal data when you are on the Internet. Change your passwords often, use a combination of letters

Protecting the Privacy of Children

Children under 13 years old are not the target audience for our Web site. To protect their privacy, the lawyer or firm prohibits the solicitation of personal information from these children.

Links to Third Party Sites

This site may contain links to other sites. The lawyer or firm does not share your personal information with those Web sites and is not responsible for their privacy practices. We encourage you to learn about the privacy policies of those companies.

Changes to this Privacy Policy

The lawyer or firm reserves the right to change, modify or update this policy at any time without notice. Any substantial changes in the way we use your personal information will be posted on this site.

If you have questions or concerns about our Privacy Policy, please email us at the contact information on the site.