The Department of Health and Human Services Office for Civil Rights (OCR), has reported a staggering increase since this time last year of all forms of breaches of patient PHI.
Note: These figures do not include any 2019 breaches that involved fewer than 500 individuals. A covered entity must notify the Secretary of a PHI breach affecting fewer than 500 individuals within 60 days of the end of the calendar year in which the breach occurred.
There are many reasons for the increase, such as:
- The current onslaught of ransomware attacks
- Increased awareness and monitoring by healthcare entities and their business associates.
The table below compares the first eight months of 2018 to the first eight months of 2019.
|2018 Jan-Aug||2019 Jan- Aug||2019 % increase|
|Number of individuals affected||4,680,937||37,104,905||693%|
|Number of reports||117||312||167%|
|Type of breach|
|Improper media/equipment disposal||3||4||33%|
|Loss or theft||19||35||84%|
|# unauthorized access/disclosure||36||83||131%|
|Method of breach|
|Paper or Film||14||34||143%|
|Laptops & other devices||22||38||73%|