PHI Data Breaches Increased between 2010 and 2013, Says Study

​The number of data breaches of protected health information (PHI) reported by healthcare providers and health plans has increased each year between 2010 and 2013, according to an analysis of 949 data breaches reported to the U.S. Department of Health and Human Services (HHS) and affecting 29.1 million records. The findings are published in the April 14, 2015, issue of the Journal of the American Medical Association (JAMA). Under a 2009 law, healthcare providers and health plans covered by the privacy and security provisions of the Health Insurance Portability and Accountability Act (HIPAA) must report to HHS data breaches affecting 500 individuals or more. The majority of the data breaches occurred as a result of theft (58.2%), followed by unauthorized access or disclosure of PHI (14.8%), loss or improper disposal of data (11.1%), hacking or information technology (IT) incidents (7.1%), and other reasons (9.0%).