Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), covered entities (e.g., healthcare providers and health plans) must notify the Department of Health and Human Services (“HHS”) of breaches of unsecured protected health information (“PHI”).1 The information reported to HHS gives companies a high level of insight into the types of breaches that occur in the health care industries.

The data collected by HHS concerning breaches affecting 500 or more individuals in 2014 shows that low-tech breaches remain the most common form of data loss in the health sector – surpassing the more publicized hacking events.

Click here to view the table.

Things to consider when reviewing your information security program in light of HHS data:

Click here to view the table.