Following the HITECH Act, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) issued regulations requiring covered entities to provide certain notifications for breaches of unsecured protected health information. OCR provides data on its website for breaches affecting 500 or more individuals. To better understand trends for these large breaches, we have compiled two sets of charts. The first set looks at all breaches reported to OCR, by the cause of breach and the type of media involved. We have provided charts by number of breach incidents reported as well as by number of individuals affected, as this may help understand causes or types of media that affect a disproportionate number of individuals. To better analyze breaches happening at the business associate level, we have provided the same charts based on the OCR data where OCR indicates a business associate was involved.

Charts of all breaches reported to OCR