The Seven Most Likely Causes of Major HIPAA Breaches

Computer Security

While it is important to comply with all of the mandates of the Omnibus Rule, I think it is instructive to know from where the most vulnerable areas of breach of PHI arise.

In a recent presentation to a limited number of attorneys in which I participated, an investigator for the Office for Civil Rights (OCR) advised that with respect to breach notification of major HIPAA breaches (those in which the PHI of 500+ individuals had been disclosed), as of February 27, 2015,  OCR’s  records indicate that the following were the percentages attributable to the causes/circumstances for those breaches:

  1.   Paper records 22%
  2.   Laptop 21%
  3.   Desktop computer 12%
  4.   Network server 12%
  5.   Portable Electronic device 11%
  6.   Email 7%
  7.   EMR 4%
  8.   Other 11%


Leave a Reply

Your email address will not be published. Required fields are marked *