McCoy TH, Perlis RH. Temporal Trends and Characteristics of Reportable Health Data Breaches, 2010-2017. JAMA. 2018;320(12):1282–1284. doi:10.1001/jama.2018.9222
Protections for private patient data and mandatory public reporting of breaches of data confidentiality were established by the 1999 Health Insurance Portability and Accountability Act (HIPAA) and 2009 Health Information Technology for Economic and Clinical Health Act. Between 2010 and 2013, data breaches involving at least 29.1 million patient records were reported. The ongoing transition to electronic health records may increase such breaches.1,2 We used public data to examine the nature and extent of breaches from 2010 through 2017.
We downloaded all breaches posted to the US Health and Human Services Office for Civil Rights breach database portal between January 1, 2010, and December 31, 2017. We analyzed secular trends in the number of breaches and the number of records affected in terms of 3 categories reported in the federal database: business associate, health plan, and health care provider (terms used in the federal database). We also examined breached media and type of breach, which are defined in the figure legends.3 An additional category, health care clearing house, had only 4 breaches and was omitted for clarity. When a breach was reported as involving multiple media or types, we attributed the full breach to each category. For example, if a single breach of 500 records involved email, laptop, and network server, then each of these 3 categories was assigned a breach of 500 records. This allowed correct reporting of breaches within each medium and breach type category but precluded summation over categories (covered entities are not multiply assigned).
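The attribution rule described above, as an added Python example that is not the authors' analysis code: it tallies constructed breach rows per category and shows why per-category totals cannot be summed. The field names, sample rows and helper functions are assumptions made for illustration, not the portal's schema or data.

```python
from collections import defaultdict

# Constructed sample rows; the field names are assumptions for this example.
BREACHES = [
    {"year": 2010, "entity": "Healthcare Provider", "records": 500,
     "media": "Email, Laptop, Network Server", "type": "Theft"},
    {"year": 2010, "entity": "Health Plan", "records": 1200,
     "media": "Paper/Films", "type": "Unauthorized Access/Disclosure"},
    {"year": 2017, "entity": "Business Associate", "records": 8000,
     "media": "Network Server", "type": "Hacking/IT Incident, Theft"},
    {"year": 2017, "entity": "Healthcare Clearing House", "records": 700,
     "media": "Email", "type": "Hacking/IT Incident"},
]

# Category left out of the tallies, as in the letter.
OMITTED_ENTITIES = {"Healthcare Clearing House"}


def split_labels(value):
    """Split a multi-valued cell into a set of distinct labels."""
    return {part.strip() for part in value.split(",") if part.strip()}


def tally(breaches, field):
    """Return {label: [breach_count, records]}, crediting the full breach to each label."""
    out = defaultdict(lambda: [0, 0])
    for b in breaches:
        if b["entity"] in OMITTED_ENTITIES:
            continue
        for label in split_labels(b[field]):
            out[label][0] += 1
            out[label][1] += b["records"]
    return dict(out)


def true_total(breaches):
    """Breach count and record count with each breach counted exactly once."""
    kept = [b for b in breaches if b["entity"] not in OMITTED_ENTITIES]
    return len(kept), sum(b["records"] for b in kept)


def overcount(breaches, field):
    """Records counted more than once if per-label totals are naively summed."""
    summed = sum(records for _, records in tally(breaches, field).values())
    return summed - true_total(breaches)[1]
```

Within a single label the figures are exact, while `overcount` is nonzero for the multi-valued `media` and `type` fields and zero for `entity`, which is assigned once per breach.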