Following the HITECH Act, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) issued regulations requiring HIPAA covered entities to provide certain notifications for breaches of unsecured protected health information. OCR provides data on its website for breaches affecting 500 or more individuals.

To better understand trends for these large breaches, we have compiled a series of charts. The first set looks at all breaches affecting 500 or more individuals posted on the OCR, by the cause of breach and the type of media involved. We have provided charts by number of breach incidents reported as well as by number of individuals affected, as this may help understand causes or types of media that affect a disproportionate number of individuals. To better analyze breaches happening at the business associate level, we have provided the same charts, based on the OCR data, where OCR indicates a business associate was involved. Finally, we have provided charts illustrating the number of breaches, and number of individuals affected, according to the OCR data by business associates or type of covered entity involved.

View our latest health care breach charts

View our breach charts from Fall 2015Spring 2015, or 2014