Skip Navigation LinksHome | Editors' Blog | Post

HIPAA "Wall of Shame" tops 2,000

The feds' dishonor roll of entities that have sustained a HIPAA breach of 500 individuals or more has topped 2,000 for the first time.

If you go directly to the U.S. Department of Health and Human Services Office for Civil Rights (OCR) Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information -- informally known as the Wall of Shame -- you'll find that there are 1,674 resolved reports of HIPAA breaches involving 500 or more individuals, and 357 such breach reports that are currently under investigation, for a grand total of 2,031 since 2009.

Various sources, including HIPAA Journal and the McDonald Hopkins law firm, noted the milestone earlier this month. HIPAA breaches are impermissible uses or disclosures under the HIPAA Privacy Rule that compromise the security or privacy of protected health information (PHI). 

This doesn't count the tens of thousands of breaches affecting fewer than 500 individuals. which are also reportable, though these affected entitites have up to 60 days after discovery to tell OCR about it, while 500-and-over breaches must be reported to both OCR and the affected individuals immediately -- and are more likely to draw an OCR press release and a huge fine (and a spot on the Wall).

It's worth remembering, though, that you can be fined millions of dollars for small breaches if the breach is egregious enough -- as when a Texas hospital outed an undocumented immigrant's PHI in 2015 and had to pay $2.4 million.
To comment, login here.
Reader Comments (0)

Login

User Name:
Password:
Welcome to the new Part B News Online. If you are a returning user having trouble logging in, please click here.
Back to top