After HIPAA Omnibus, Breach Tally Spikes

October 20, 2014

Huge Increase in Incidents Under New Notification Guidance

By , September 23, 2014. Follow Marianne @HealthInfoSec

In the year since federal regulators began enforcing the HIPAA Omnibus Rule, there’s been a significant spike in the number of major breaches posted on the Department of Health and Human Services’ “wall of shame” tally of incidents affecting 500 or more individuals.

Since HIPAA Omnibus enforcement began last September, the tally has grown by a whopping 67 percent to include 1,126 major incidents, up from 674. The number of individuals affected grew from a total of about 27 million individuals as of late September 2013 to about 38.7 million as of this week, a 43 percent increase (see Wall of Shame: Four Years Later).

Experts say a number of factors contributed to the spike in reported incidents. In addition to the growing mindfulness of HIPAA compliance requirements among many covered entities and business associates – and ramped-up regulatory enforcement activities – a significant factor is the HIPAA Omnibus Rule’s much more detailed breach notification guidance. In a nutshell, security incidents are now presumed to be reportable unless healthcare organizations demonstrate through the four-factor assessment that risks are low.
