Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

A list of data breaches by the Office for Civil Rights in the U.S. Department of Health and Human Services reveals that more than 10 million patients have been affected by security lapses in about 260 health care-related incidents reported since 2009.

The department began compiling the list on Feb. 22, 2010, when the HITECH Act breach notification rule was enacted. Section 13402(e)(4) of the rule requires health care organizations to report breaches affecting more than 500 people within 60 days to HHS Secretary Kathleen Sebelius. HHS then adds the incidents to the list on its Website.

Cases that have been reported to HHS date back to Sept. 22, 2009.

The breach on the HHS list impacting the most patients involved insurance provider HealthNet in Rancho Cordova, Calif. In that case, about 2 million people were affected when nine server drives disappeared from the company’s data center on Jan. 21.

The second-largest breach occurred when computer backup tapes were stolen from a truck belonging to the North Bronx Healthcare Network in New York, placing the data of 1.7 million patients, staff members and others at risk.

Meanwhile, HHS has penalized organizations such as Massachusetts General Hospital and Cignet Health for cases that violated HIPAA (Health Insurance Portability and Accountability Act) privacy regulations.

A move toward EHRs (electronic health records) or EMRs (electronic medical records) could be to blame for the rise in security breaches, according to David Ting, CTO of access-management vendor Imprivata.

"The scale of breaches has risen exponentially along with the adoption of EMR systems, and today hundreds of thousands of records containing electronic patient health information can be stored in a device smaller than a lunch box," Ting wrote in an email to eWEEK. "The idea of a breach on that scale back in the paper-based days, whether through unlawful or simply negligent behavior, was highly unlikely."

For more, read the eWEEK article: Health Care Data Breaches Affect 10 Million Patients Since Fall 2009.

Subscribe for updates!

This field is required This field is required