General Information

First Report of Breaches Released to Congress

The Office of Civil Rights within the U.S. Department of Health and Human Services has released its first report to Congress on breaches of unsecured protected health information that occurred between September 23, 2009 (The date the breach notification requirements became effective) and December 31, 2010.  The report is required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. 

The report contains information on breaches by entities and business associates as required under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) .  The primary reason for reported breaches during the time period was theft of both paper records and electronic media, the largest single breach affecting 1.9 million individuals.  Improper disposal of paper records by covered entities or business associates was reported as central to paper record breaches.

The majority of covered entities stated that encryption of  electronic data would be utilized to avoid future breaches of unsecured electronic data.

Most breaches involving fewer than 500 individuals were due to misdirected communication.

The report can be found at