Data Breaches of Protected Health Information in the United States | Electronic Health Records | JAMA | JAMA Network
[Skip to Content]
Access to paid content on this site is currently suspended due to excessive activity being detected from your IP address Please contact the publisher to request reinstatement.
[Skip to Content Landing]
Research Letter
April 14, 2015

Data Breaches of Protected Health Information in the United States

Author Affiliations
  • 1Kaiser Permanente Division of Research, Oakland, California
  • 2Stanford Center for Biomedical Informatics Research, Stanford, California
  • 3Department of Computer Science, Stanford University, Stanford, California
JAMA. 2015;313(14):1471-1473. doi:10.1001/jama.2015.2252

Reports of data breaches have increased during the past decade.1,2 Compared with other industries, these breaches are estimated to be the most costly in health care; however, few studies have detailed their characteristics and scope.1

We evaluated an online database maintained by the US Department of Health and Human Services describing data breaches of unencrypted protected health information (ie, individually identifiable information) reported by entities (health plans and clinicians) covered under the Health Insurance Portability and Accountability Act (HIPAA).3 Under the Health Information Technology for Economic and Clinical Health Act of 2009, breaches involving the acquisition, access, use, or disclosure of protected health information and thus posing a significant risk to affected individuals must be reported.4