HIPAA is a beast. Everyone knows that. But to really hit home with how big a beast HIPAA can actually become, here are 5 frightening HIPAA statistics you need to know.
Total Complaints Received
As of September 2017, the OCR has received more than 165,000 complaints (since April 2003). This means that in less than 15 years, the industry has dealt with nearly 12,000 compliance enforcement issues every year — roughly equating to 1,000 complaints every month for the past 14 years.
If these numbers don’t worry you, then this means one of two things.
One, you are unconcerned with HIPAA compliance.
Or two, you’ve partnered with an MSP that fully manages your compliance.
Total People Affected
Just because we’ve seen more than 165,000 complaints since April 2003 doesn’t mean that only 165,000 people have been affected.
That’s hardly the case.
In fact, just in the first six months of 2017, over 174 million people were affected by 1,996 HITECH breaches.
While the severity of one breach can vary dramatically (depending on the organization in question and the type of breach), that’s roughly an average of 87,000 people affected per breach — and 29 million people affected each month.
If that trend persists for the rest of the year, over 348 million people will be affected by compliance issues by the end of December.
(Imagine how many people have been affected since April 2003.)
Business Associates Involved
Out of nearly 2,000 breaches in the first six months of 2017, 409 of those breaches involved a business associate (a little over 20%). These 409 breaches affected roughly 31 million people.
In other words, a large handful of companies not directly responsible for PHI will be held responsible for it under the HIPAA Rule. This means that these companies might lose money and face criminal penalties if they are deemed liable and at fault.
This should be an area of major concern for any company currently doing business with a covered entity (or any business potentially considering it). Your company could face just as many fines and penalties after a HIPAA issue as a covered entity could face. Make sure you’re crossing all your t’s and dotting all your i’s to keep your company HIPAA-compliant.
The Leading Cause
The leading cause of breaches in the past year has been theft — which, believe it or not, is a good thing.
Once your team understands the risks of a lost device, it should become more important to them to protect those devices and, in the process, help your company avoid a HIPAA catastrophe.
Laptop theft in particular impacted over 5.5 million individuals under HIPAA. However, if your staff understands what it means to lose a laptop, they should become more willing to take better care of it, to know where it is at all times, and to practice good security habits.
Unlike unknown malware and new hacking techniques, a lost or stolen device is something an employee can actually do something about.
The Greatest Vulnerability
Although theft is the leading cause of HIPAA incidents, IT issues are still the greatest vulnerability for any covered entity.
When you compare the 5.5 million people affected by laptop theft to the 119 million people affected by IT issues, this vulnerability becomes rather obvious. While IT issues don’t cause the most breaches, they do stand to have the largest impact.
Because of this, it’s more important than ever to partner with a company that can keep you HIPAA-compliant AND completely secure — they are NOT one and the same. If this is something your business is looking for, then take a look at our HIPAA services. We go above and beyond compliance to deliver the best of both worlds to Colorado SMBs.