Chris Bennington of Epstein Becker Green writes, in part:
The HITECH Act requires OCR to issue annual reports to Congress of HIPAA breaches and complaints received by OCR during the calendar year. For 2020, OCR reported that it received 656 notifications of breaches affecting 500 or more individuals, 66,509 notifications of breaches affecting fewer than 500 individuals, and 27,182 complaints alleging violations of HIPAA and the HITECH Act. The number of “500+” breaches increased by 61% from the number received in 2019, and OCR reported that those 656 breaches affected over 37 million individuals.
OCR’s breach report contains useful information regarding the most commonly reported categories of breaches and OCR’s recommendations on best practices to avoid such breaches. OCR reported that 68% of the “500+” breaches in 2020 involved “hacking/IT incidents of electronic equipment or a network server” while 23% involved “unauthorized access or disclosure of records containing PHI.”
Read more at The National Law Review.
Related: Annual Report to Congress