Report: Breaches of health information on the rise since 2015

Editor's Note

According to an “electronic health information” release by the US Government Accountability Office (GAO), titled “HHS Needs to Improve Communications for Breach Reporting” and published on May 27, the Department of Health and Human Services (HHS) has seen an increase in reported breaches of health information since 2015, Healthcare Purchasing News (HPN) June 28 reports.

The breaches of health information in question involve “the unauthorized (intentional or unintentional) exposure, disclosure, or loss of an individual's identifiable health information,” the report specified. In 2015, there were 270 reported breaches affecting 500 or more individuals, according to GAO; that number increased to 714 in 2021. Between 2018 and 2019, the data showed a 38.75% jump in reported breachers (369 and 512 reported breaches, respectively), the biggest jump year over year during the period covered by the study.

Breaches are reported by various covered entities, including health plans, healthcare providers, business associates performing certain functions that involve personal health information, and healthcare clearinghouses. While the number of reported breaches has steadily increased, the number of affected individuals has varied each year from approximately 5 to 113 million, the report noted.

In the report, GAO recommends that HHS establishes a feedback mechanism to improve the effectiveness of its breach reporting process, which HHS reportedly concurred.