Bookmark and Share

HIPAA & Breach Enforcement Statistics for July 2014

Produced by Health Information Privacy/Security Alert
Published by Melamedia, LLC


Bookmark and Share  

New Webinar
Defending Your Organization's Name In the World of HIPAA
NEW DATE: Wednesday, July 23, 2014
1 pm - 2:30 pm

Our Webinars
 on CD

Webinars Qualify for IAPP CEs

New On-Demand Webinar
Learn What Class Action Attorneys Look for in HITECH Breaches
May 1, 2014


Confronting HIPAA & HITECH Vulnerabilities in Health Data Registries
Feb. 27, 2014
Order On-Demand Access


HIPAA/HITECH Compliance & FDA's Mobile Medical Apps Guidance
Oct. 30, 2013
Listen to a Sample


Special Offer
Don't Act Rashly in Punishing Security Violations!
Special Offer
3-Part Series: Domino Effects of HIPAA & HITECH on the Workforce


2-Part Webinar Package
Cutting Through the Hype On HIPAA & HITECH Enforcement
Save More than $100 When You Order Both CDs



The Effects of the Supreme Court Rulings on Same-Sex Marriage on Patient Rights, and HIPAA and HITECH Compliance Aug. 13, 2013

Listen to a Sample


Understanding & Deploying OCR's New Data De-Identification Guidance
Jan. 17, 2013


Physical Security Continues to Dominate HITECH Breaches

BA Reasons for Breaches
 As of June. 17, 2014
# of Breaches Reason
110 Theft
53 Unauthorized Access/ Disclosure
31 Other
30 Loss
Source: Health Information Privacy/Security Alert  Analysis of  HHS Office for Civil Rights Data

Health data breaches involving more than 500 patients rose to 1026 from 992 as OCR posted 34 new incidents affecting more than 227,496 patients, according to the latest analysis by HIP/SA of OCR data from May 18 through June 17.

More than 31,650,607 patients have been affected overall since OCR started publishing data.
Business Associates (BA) may have been involved in as many as 297 incidents. However, that number is uncertain because the OCR statistics do not indicate whether a Business Associate was involved in 24 instances.

Theft was the leading cause of the reported breaches, accounting for 476 by itself and involved i
The states with most breaches were: California (57), Texas (41), New York (30), Florida (23), and Illinois (23).

The states in which the most people were affected by breaches were: Virginia (4,919,466), California (3,668,127), Florida (2,617,544) and New York (2,350,658).

A fuller analysis of the health data breaches is available in Health Information Privacy/Security Alert.

Take advantage of a special offer for a one-year e-subscription to Health Information Privacy/Security Alert click here


Special Subscription Offer
from
Health Information Privacy/Security Alert

  Save 50% on an Annual Subscription
& Get Any One of Our Webinars on CD for Free
 Get Additional Webinars for only $69 each.

or Subscribe for 6 Months for only $99
 Download the Order Form
 
 visit Melamedia's Education Page
 for a Complete List of Eligible Webinars


HIPAA Complaints Exceed 2,000 per Month

OCR reported it received 97,702 HIPAA patient complaints, since the agency began enforcing the privacy rule in April 2003.

The number indicated that it received 2,114 in May. It received 1,143 complaints in April and 1,470 complaints in March.

Of the 32,795 complaints that fell within OCR's jurisdiction since April 2003, 22,613 required corrective action by covered entities (CEs).

An analysis by HIP/SA found that the agency determined that 178 CEs were required to take some action in May compared to 144 in April and 131 in March.

Investigations of the remaining 10,182 complaints within OCR's jurisdiction found no violation. That meant that 68 complaints did not uncover a HIPAA violation in May.

OCR said it resolved 95% of all the complaints that it had received since April 2003. That resolution level also included a very large number of complaints (58,973) that did not fall within OCR's jurisdiction. Almost two-thirds of patient complaints lodged with OCR fall outside the agency's jurisdiction.

Overall, about 24.6% of all complaints resulted in some corrective action by CEs through May 2014. That was slightly lower than the 24.9% in April and 25.1% in March.

OCR indicated that it had 5,304 complaints in some phase of investigation in May, compared to 5,177 complaints in in April and 5,448 in March.

The agency has referred 530 complaints to the Department of Justice for possible criminal prosecution. That suggested that it made four referrals in May.

The privacy areas investigated most often were:

  • Impermissible uses and disclosures of protected health information (PHI);
  • Lack of safeguards of PHI;
  • Lack of patient access to their PHI;
  • Uses or disclosures of more than the Minimum Necessary PHI; and
  • Lack of administrative safeguards of electronic PHI.

The most common types of covered entities that had to take corrective action were:

  • Private Practices;
  • General Hospitals;
  • Outpatient Facilities;
  • Health Plans; and
  • Pharmacies.

HIPAA Enforcement Stats


Subscribe
to
HIPAA & Breach Enforcement Stats


White Paper
Did HITECH Increase HIPAA Patient Complaints?
HIPAA/HITECH Act Enforcement 2003-2013:
The Role of Patient Complaints in Medical Privacy and Data Security




The Ripple Effects of HHS Proposed Requirements
for Accounting of Disclosures

July
2011

 


The Nuts & Bolts of Insurance & Covering
The Costs of Health Data Breaches

Aug. 2010




Visit our
Education Page
for a complete list of webinars



Understanding & Coping with the New HITECH Regulations - 2 Part Webinar Series
February 2013


A Strategic Approach to Protecting Yourself from HIPAA Audits
Oct. 2011

 



SPECIAL OFFER
3-Part Series: Domino Effects
of HIPAA & HITECH  on the Healthcare Workforce

July, Aug. & Sept. 2012



PRIVACY
HIPAA Complaints Lodged with OCR
Through May 30,  2014*

Month

Monthly

Running Total*

Cases  Under OCR Jurisdiction

Cases Requiring CE
Action

Cases Requiring No CE Action

%  Required CE Action of Total Lodged Complaints

Cases Referrals to DoJ

Running Total for DoJ*

2012

April

880 70,107 24,325 16,015 8,310 22.8% 0 500

May

875 70,882 24,681 16,259 8,422 22.9% 2 502

June

967 71,849 25,222 16,708 8,514 23.25% 0 502

July

835 72,684 25,612 17,025 8,587 23.4% 0 502

August

992 73,676 26,071 17,422 8,649 23..6% 0 502

September

878 74,554 26,513 17,767 8,746 23.8% 0 502

October

920 75,474 26,922 18,122 8,800 24% 0 502

November

990 76,464 27,175 18,328 8,847 26.3% 1 503

December

726 77,190 27,466 18,559 8,907 26.3% 6 509
2013

January

686 77,877 27,682 18,711 8,971 26.4% 5 514

February

994 78,871 27,973 18,927 9,046 26.4% 0 514

March

1,049 79,920 28,452 19,306 9,146 26.6% 1 515

April

916 80,836 28,981 19,726 9,255 26.7% 1 516

May

954 81,790 29,428 20,056 9,372 26.7% 0 516

June

774 82,564 29,852 20,359 9,466 26.9% 0 516

July

1,117 83,681 30,222 20,674 9,548 26.9% 2 518

August

1,558 85,239 30,886 21,271 9,615 26.7% 0 518

September

1,482 86,721 31,548 21,763 9,785 26.4% 2 520

October

876 87,597 31,639 21,832 9,807 26.4% 0

520

November

1,448 89,587 31,811 21,492 9,869 26.2% 1

521

December

414 90,001 31,925 22,026 9,899 26.0% 1

521

2014

January

720 91,721 32,096 22,141 9,948 25.9% 0 521

February

1,254 92,975 32,227 22,222 10,005 25.4% 1 522

March

1,470 94,445 32,410 22,353 10,057 25.1% 4 526

April

1,143 95,588 32,617 22,497 10,114 24.9% 4 526

May

2,114 97,702 32,795 22,613 10,182 24.6% 4 530

*  Since April 2003/Source: HHS Office for Civil Rights
· Please credit  Health Information Privacy/Security Alert if you cite any of these statistics.


Comment on Our White Paper
HIPAA/HITECH Act Enforcement 2003-2013:
The Role of Patient Complaints in Medical Privacy and Data Security


OCR Security Stats

OCR said it received 880 complaints alleging a security rule violation since it took over enforcement from CMS in October 2009. The agency statistics suggested that it received 21 In May. It received 21 complaints in April and 17 complaints in March.

The agency said it closed 644 complaints after investigation and corrective action in April. That indicated that the agency closed 26 cases in May. It closed 14 cases in April and six in March.

The security enforcement numbers do not necessarily indicate that patients are not complaining about security issues. OCR explained that it receives fewer security complaints because employees are the most are the most likely to know about these problems.


.


HIPAA Transactions Standards
CMS Did Not Update Stats

Complaints Received by CMS
Through Jan. 31, 2014
Complaint Type Total Open Closed
Transaction and Code Sets 808 21 787
National Provide Identifier 62 0 62
Total 870 21 849
No Civil Penalties Imposed

Open –Outstanding issues remain. Entity may be under a corrective action plan or additional information from either the complainant, the filed against entity, or both is being sought.
Closed–No further action required. All issues have been sufficiently resolved.

  Source: CMS

Subscribe to HIPAA & Breach Enforcement Stats

© 2014 Melamedia LLC

 
 
 

HIPAA Enforcement Stats