Bookmark and Share

HIPAA & Breach Enforcement Statistics for April 2014

Produced by Health Information Privacy/Security Alert
Published by Melamedia, LLC


Bookmark and Share  

New Webinar

The Evolving World of Breach Liability
The Risky World Beyond HIPAA:
Health Data Breaches and Class Action Law Suits
May 1, 2014
1:00 pm - 2:30 pm Eastern

Our Webinars
 on CD

Webinars Qualify for IAPP CEs

10th Annual Year-End Review of Medical Privacy & Security Enforcement
Dec. 17, 2013
Listen to a Sample


HIPAA/HITECH Compliance & FDA's Mobile Medical Apps Guidance
Oct. 30, 2013
Listen to a Sample


Special Offer
Don't Act Rashly in Punishing Security Violations!
Special Offer
3-Part Series: Domino Effects of HIPAA & HITECH on the Workforce


2-Part Webinar Package
Cutting Through the Hype On HIPAA & HITECH Enforcement
Save More than $100 When You Order Both CDs



The Effects of the Supreme Court Rulings on Same-Sex Marriage on Patient Rights, and HIPAA and HITECH Compliance Aug. 13, 2013

Listen to a Sample


Understanding & Deploying OCR's New Data De-Identification Guidance
Jan. 17, 2013


HITECH Major Breaches Affect More than 30 Million Patients

BA Reasons for Breaches
 As of March. 17, 2014
# of Breaches Reason
86 Theft
41 Unauthorized Access/ Disclosure
28 Loss
Source: Health Information Privacy/Security Alert  Analysis of  HHS Office for Civil Rights Data

Health data breaches involving more than 500 patients rose to 879 from 834 as OCR reported 45 new incidents affecting more than 750,00 patients, according to the latest analysis by Health Information Privacy/Security Alert of OCR data from Feb. 18 through March 17.

More than 30,000,000 patients have
been affected since the HITECH Act reporting requirements were imposed in September 2009.

Business Associates may have been involved in 239 of those breaches. However, OCR statistics were ambiguous because in 18 instances, covered entities said that information was not available.

Theft continued to be the leading reason for all HITECH Act breaches, accounting for 407 alone and was one reason cited in 44 other instances. Unauthorized access/disclosure accounted for 131 breaches and was one reason cited in 40 other breaches.

A fuller analysis of the health data breaches is available in Health Information Privacy/Security Alert.

Take advantage of a special offer for a one-year e-subscription to Health Information Privacy/Security Alert click here



HIPAA Complaints Climb to 1,254 in February

OCR reported it received 92,975 HIPAA patient complaints, suggesting that it received 1,254 complaints in February. The agency received 720 complaints in January and 414 complaints in December.

Of the 32,227 complaints that fell within OCR's jurisdiction, 22,222 required corrective actions by covered entities (CEs).

An analysis by HIP/SA found that the agency determined that 81 complaints required CEs to take some action in February. In January that number was 115 complaints, and in December it was 534 complaints.

Investigations of the remaining 10,005 complaints within OCR's jurisdiction found no violation.

The agency said it resolved 94% of all the complaints that it had received – a slight increase from January. That resolution level also included a very large number of complaints (54,944) that did not fall within OCR's jurisdiction.

Overall, about 25.5% of total complaint investigations resulted in some corrective action by CEs in February. That was slightly lower than the 25.9% in January and the 26% in December.

OCR indicated that it had5,804 in 9 in some phase of investigation in February compared to 6,10 in January and 5,447 in December.

OCR referred more than 522 cases to the Department of Justice for possible criminal prosecution. That suggested that the agency made one referral in February. It made no referral in January or December.

The privacy areas investigated most often were:

  • Impermissible uses and disclosures of protected health information (PHI);
  • Lack of safeguards of PHI;
  • Lack of patient access to their PHI;
  • Uses or disclosures of more than the Minimum Necessary PHI; and
  • Lack of administrative safeguards of electronic PHI.

OCR released a memo to the public reminding them and the healthcare community, that patients are entitled to access to their medical records at reasonable costs.

The most common types of covered entities that had to take corrective action were:

  • Private Practices;
  • General Hospitals;
  • Outpatient Facilities;
  • Health Plans; and
  • Pharmacies.

HIPAA Enforcement Stats


Subscribe
to
HIPAA & Breach Enforcement Stats


White Paper
Did HITECH Increase HIPAA Patient Complaints?
HIPAA/HITECH Act Enforcement 2003-2013:
The Role of Patient Complaints in Medical Privacy and Data Security




The Ripple Effects of HHS Proposed Requirements
for Accounting of Disclosures

July
2011

 


The Nuts & Bolts of Insurance & Covering
The Costs of Health Data Breaches

Aug. 2010




Visit our
Education Page
for a complete list of webinars

Special Subscription Offer from Health Information Privacy/Security Alert

  Save 50% on an Annual Subscription
& Get Any One of Our Webinars on CD for Free
 Get Additional Webinars for only $69 each.

or Subscribe for 6 Months for only $99
 Download the Order Form
 
 visit Melamedia's Education Page
 for a Complete List of Eligible Webinars



Understanding & Coping with the New HITECH Regulations - 2 Part Webinar Series
February 2013


A Strategic Approach to Protecting Yourself from HIPAA Audits
Oct. 2011

 



SPECIAL OFFER
3-Part Series: Domino Effects
of HIPAA & HITECH  on the Healthcare Workforce

July, Aug. & Sept. 2012



PRIVACY
HIPAA Complaints Lodged with OCR
Through Feb. 28,  2013*

Month

Monthly

Running Total*

Cases  Under OCR Jurisdiction

Cases Requiring CE
Action

Cases Requiring No CE Action

%  Required CE Action of Total Lodged Complaints

Cases Referrals to DoJ

Running Total for DoJ*

2012

February

856 68,410 23,639 15,532 8,107 22.7% 0 499

March

818 69,227 23,983 15,780 8,203 22.7% 1 500

April

880 70,107 24,325 16,015 8,310 22.8% 0 500

May

875 70,882 24,681 16,259 8,422 22.9% 2 502

June

967 71,849 25,222 16,708 8,514 23.25% 0 502

July

835 72,684 25,612 17,025 8,587 23.4% 0 502

August

992 73,676 26,071 17,422 8,649 23..6% 0 502

September

878 74,554 26,513 17,767 8,746 23.8% 0 502

October

920 75,474 26,922 18,122 8,800 24% 0 502

November

990 76,464 27,175 18,328 8,847 26.3% 1 503

December

726 77,190 27,466 18,559 8,907 26.3% 6 509
2013

January

686 77,877 27,682 18,711 8,971 26.4% 5 514

February

994 78,871 27,973 18,927 9,046 26.4% 0 514

March

1,049 79,920 28,452 19,306 9,146 26.6% 1 515

April

916 80,836 28,981 19,726 9,255 26.7% 1 516

May

954 81,790 29,428 20,056 9,372 26.7% 0 516

June

774 82,564 29,852 20,359 9,466 26.9% 0 516

July

1,117 83,681 30,222 20,674 9,548 26.9% 2 518

August

1,558 85,239 30,886 21,271 9,615 26.7% 0 518

September

1,482 86,721 31,548 21,763 9,785 26.4% 2 520

October

876 87,597 31,639 21,832 9,807 26.4% 0

520

November

1,448 89,587 31,811 21,492 9,869 26.2% 1

521

December

414 90,001 31,925 22,026 9,899 26.0% 1

521

2014

January

720 91,721 32,096 22,141 9,948 25.9% 0 521

February

1,254 92,975 32,227 22,222 10,005 25.4% 1 522

*  Since April 2003/Source: HHS Office for Civil Rights
· Please credit  Health Information Privacy/Security Alert if you cite any of these statistics.


White Paper
HIPAA/HITECH Act Enforcement 2003-2013:
The Role of Patient Complaints in Medical Privacy and Data Security


OCR Security Stats

OCR said it received 813 complaints alleging a security rule violation since it took over enforcement from CMS in October 2009.

The agency statistics suggested that it received 15 complaints in February, compared to 21 complaints in January and nine in December.

OCR said it closed 598 592 complaints after investigation and corrective action. That suggested that the agency closed four cases in February. It close eight cases in January and five cases in December.

OCR said it had 280 open complaints and compliance reviews compared to 271 in January and to 271 in December.r.


HIPAA Transactions Standards

Complaints Received by CMS
Through Jan. 31, 2014
Complaint Type Total Open Closed
Transaction and Code Sets 808 21 787
National Provide Identifier 62 0 62
Total 870 21 849
No Civil Penalties Imposed

Open –Outstanding issues remain. Entity may be under a corrective action plan or additional information from either the complainant, the filed against entity, or both is being sought.
Closed–No further action required. All issues have been sufficiently resolved.

  Source: CMS

Subscribe to HIPAA & Breach Enforcement Stats

© 2013 Melamedia LLC

 
 
 

HIPAA Enforcement Stats