© Redspin, Inc. Page 3
A total of 538 large breaches of protected health information (PHI)affecting over 21.4 million patient records
have been reported tothe Secretary of Health and Human Services (HHS) since theAugust 2009 interim final breach notification rule was issued as apart of the Health Information Technology for Economic andClinical Health (HITECH) Act.
To prepare for our 3
Breach Report / Protected Health Information,
we spentweeks reviewing the complete statistical data set of breaches reported to HHS since2009. Based on our analysis,
an objective assessment of the overalleffectiveness of the policies and controls that have been put in place to safeguardprotected health information. By identifying significant trends and drawing attention tospecific areas in need of improvement, we hope to help the healthcare industry improveits ability to protect patient information. That is our goal. To that end,
recommendations for preventive measures and corrective action to addressthe most critical weaknesses.
These numbers include breaches that affected >500 individuals and were reported to HHSfrom August 2009 to January 17, 2013. Those that impacted less than 500 are also reported tothe HHS on an annual basis but the specifics are not made publicly available.