Daily news stories about data breaches and enforcement actions seem to be the new norm, so it’s no surprise that people may start to believe that hackers have won the war and that no personal health information is safe. But exactly how many breaches have been reported in the last several years? And were the breaches the result of nefarious plots or just plain incompetence? About how many HIPAA investigations has the government actually launched?

Rest assured, Congress has been asking similar questions as well. The HITECH Act requires the Department of Health and Human Services Office for Civil Rights (OCR) to submit annual reports to Congress that provide contextualized information about incident rates and government action; OCR published its most recent two reports on Breaches of Unsecured Protected Health Information (Breach Report) and HIPAA Privacy, Security, and Breach Notification Rule Compliance (HIPAA Compliance Report).  In addition to including cumulative data, the reports cover relevant activities that occurred between January 1, 2011, and December 31, 2012. Continue reading…