-->Skip to main content
In 2016, the Office of Civil Rights at Health and Human Services is expected to conduct HIPAA Phase 2 audits at about 350 Covered Entities. They will check to see that a robust security policy is in place. For more details, see our post about these audits.
The U.S. Department of Health and Human Services, Office for Civil Rights, maintains a database of data breaches of protected health information affecting 500 or more individuals. The table we provided on this page is a summary of a search of the database for breach records pulled for 2015 as of January 14, 2017. It is often the case that HHS will post additional breach reports for previous years as the information comes available, so the number of breaches and affected individuals may rise.
|Type of Reported Breach
Jan 1, 2016 - Dec 31, 2016, reported as of 1/14/17
|Individuals Affected||Covered Entities Impacted|
You can search the database yourself at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf. The organizations that make up the 11 "losses" or "improper disposal" that caused potential data breaches are listed here:
|Name of Covered Entity||State|
|Linda J White, DDS, PC||VA|
|OptumHealth New Mexico||MN|
|Briar Hill Management||MS|
|MGA Home Healthcare Colorado, Inc.||AZ|
|The Outer Banks Hospital||NC|
|Edwin Shaw Rehabilitation||OH|
|W. Christopher Bryant DDS PC||MI|
|Karmanos Cancer Center||MI|
|Grx Holdings, LLC dba Medicap Pharmacy||IA|
|New West Health Services d/b/a New West Medicare||MT|
Cascade also maintains a list of data breaches related to poorly managed IT Asset Disposition programs. If you want justification for managing a comprehensive and effective data destruction program, use this information to support your position.