Prevail Health
  • Introduction
  • What Is HIPAA
  • PHI and PII
  • Why all the fuss about HIPAA
  • HIPAA Entities
    • Subcontractors
    • Covered Entities
    • Business Associate Agreement (BAA)
  • Your Summary HIPAA Responsibilities
    • Security Key Contacts and Roles
    • System Access
    • Physical Access
    • Downloading PHI Data Locally
    • Incident Management
    • Sanctions
  • HIPAA Breaches
    • What does it mean for you
    • Expectations Vs Reality
  • Sections of HIPAA
    • HIPAA Rules
  • ASSESSMENT
    • HIPAA Knowledge Assessment
Powered by GitBook
On this page

Was this helpful?

  1. HIPAA Breaches

Expectations Vs Reality

PreviousWhat does it mean for youNextHIPAA Rules

Last updated 5 years ago

Was this helpful?

The majority of breaches are actually not software breaches. They’re not hacking into a system that causes the unauthorized disclosures. Breaches affecting over 500 records are published at by CMS. You can see there’s a searchable database of breaches that have occurred, how many records were affected and the type of breach. The vast majority of breaches are hardware breaches. The majority, if not almost all of the breaches, seem to happen because of employee carelessness

It seems like it’s almost always a contractor’s laptop that’s been unencrypted and has been storing tons of patient records. The laptop is stolen from a car or a house or a coffee shop or an airport or whatever.

“Hacking/IT Incident” only accounts for a relatively small number of breaches. There is great potential to have a breach with a malicious hacker breaking into a private network or any sort of cloud-based storage, especially public cloud. This potential has fueled much of the slow pace of ePHI to the cloud.

https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf