EHRs cited as data breaches continue upward climb

A move toward electronic health record (EHR) use by hospitals and provider organizations may be one of the top reasons behind the rising numbers of medical data breaches occurring across the country. Up to May 4, at least 272 entities have reported breaches of protected health data--affecting more than 10 million people since recordkeeping started in December 2009 by the Department of Health and Human Services' Office for Civil Rights.

"The idea of a breach on that scale back in the paper-based days--whether through unlawful or simply negligent behavior--was highly unlikely," David Ting, CTO of access-management vendor Imprivata, said in an interview with eWeek.

Today hundreds of thousands of records containing electronic patient health information can be stored in a device much smaller than a lunch box, he said.

In the time since the OCR began its reporting, an average of 18 entities have reported data breaches every month. Also, of the 272 entities currently listed on the OCR's site, more than a dozen reported data breaches within the last 45 days.

The largest breaches on the list reported within the past few months are: Health Net, which reported a potential breach affecting the health records of 1.9 million past and current enrollees in March, and the New York City Health and Hospitals Corp., which reported a theft related to EHRs and other sources affecting 1.7 million patients in February.

For more information:
- see the HHS Office for Civil Rights list
- view the eWeek article