- HIPAA Update - http://blogs.hcpro.com/hipaa -

OCR data breach tally passes a milestone

Covered entities have reported breaches of unsecured protected health information affecting 500 or more individuals to the Office for Civil Rights (OCR) nearly once every other day since the HIPAA privacy and security enforcer began posting the information 18 months ago.

The list, posted on the OCR breach notification website [1], hit the 300 mark last week. OCR went live with the site in February 2010, recording breaches that date back to September of 2009.

That’s about 13 breaches per month dating back to the fall of 2009.

The website is part of the breach notification interim final rule [2], in effect since September 2009. OCR withdrew the rule a little more than one year ago from the hands of the Office of Management and Budget (OMB), which reviews rules for government agencies. OCR wanted more time to pursue changes to the rule.

The provisions in the rule include:

OCR enforcement by the numbers: