Erin McCann, Associate Editor

Erin McCann is Associate Editor at Healthcare IT News. She covers physician practices, ambulatory care and social media in healthcare. Follow Erin on Twitter @EMcCannHITN

Top 5: Data breach winners and losers by state

September 13, 2012

In an epoch of Web hackers, procedural slackers, unauthorized users and viewers, PC pinchers and server swindlers, it’s a hard knock life for patient privacy.

Nearly 20 million patient health records have been compromised since the Aug. 2009 Breach Notification Rule, which requires that HIPAA-covered groups give notification following a data breach involving 500 or more individuals. And breach numbers haven't shown signs of waning any time soon.

In fact, according to a 2011 Redspin report, which collected data from the Department of Health and Human Services (HHS), the total number of records breached jumped 97 percent within a single year. Moreover, according to some reports, data breaches can cost the healthcare industry, on average, $6.5 billion annually.

Such alarming numbers, together with the indiscriminate nature of breaches, means privacy is a luxury these days. This luxury, however, is not one typically bought or afforded, but rather one where you cross your fingers and hope for the best.

So who are the biggest offenders by state?

Generally, states with the highest population have the highest number of data breaches. For instance, California and Texas top the list, banking the highest number of data breaches in the nation. However, when population is taken into consideration, the numbers change substantially.

Using data from the HHS, here are the best and the worst states in terms of number of records breach per 1,000 people.

[See also: Slideshow: 10 biggest HIPAA data breaches in the United States ]

Blacklisted: Top 5 states with the highest number of data breaches
1. Virginia – 607 data breaches per 1,000 people Although only having seven data breaches since the 2009 Breach Notification Rule, health organizations in Virginia have compromised the privacy and security of some 4,919,457 individuals. That’s more than half of the state’s population, which the U.S. Census Bureau has pegged at 8,096,604. Responsible for the bulk of that is the TRICARE Management Activity breach, which occurred Sept. 14, 2011. This single breach compromised the personal health information (PHI) of nearly 5 million people, effectively catapulting Virginia to the top of the list.
2. Utah – 279 data breaches per 1,000 people Previous 1 2 Single Page Next Add a comment EMAIL PRINT Is this story relevant to you? Receive Healthcare IT News coverage delivered directly to your inbox. Showing 1 Comments TomMariner say: Equal time September 14, 2012 \| 12:44 PM GMT I missed the part in the article that stated the exact numbers of patients helped by having electronic records rather than those green folders with the numbers. And also missed the citing of the exact physical and monetary harm that was caused by the "breaches". Not to diminish the importants of confidentiality of patient health records, but if we are to dramatically feature slackers, hackers, and offenders, isn't anybody going to consider that if you give out draconian fines for not knowing if a hearing aid record was ever looked at, but do not care how a single electronic record was used to improve outcomes for a patient or a medical professional, that we will all abandon our technology to the lawyers and go back to the green folders? How about equal time for the great news of Health IT rather than papering the wall with easy numbers from the government. Or we could just go back to repeating every imaging study, lab test and reexamining every patient. Login to post comments Most Read News People Organizations Lawsuit: IRS stole 60M patient records EHRs fail tests, certifications revoked IRS seizes 60M medical records EHR part of MaineHealth's financial woes Telemedicine shows ROI at ATA Mostashari, Farzad Bria, William Hartz, Eric Berwick, Donald Kolodner, Robert Epic The Office of the National Coordinator for Health Information Technology (ONC) Healthcare Information and Management Systems Society (HIMSS) Carefx HIMSS analytics HIMSS Jobmine Sr Director, Global Digital Develoment - Pfizer Inc - New York City, NY Director of Clinical Applications - MidMichigan Health - Midland, MI Information Services Director - Central Peninsula Hospital - Soldotna, AK CODER III - Dignity Health - Phoenix, AZ Director, Marketing and Business Development - Vermont Information Technology Leaders, Inc. - Burlington, VT Poll Is your org pumping up patient engagement efforts? Yes No Featured Resources Reliability in the Cloud - Shifting email responsibility to hosted exchange provider Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach. Learn More Meaningful Use - Now or Never Tips and tools to help healthcare professionals on the path to MU and beyond. Learn More Improve the patient experience. Improve your technology! Visit this resource center for IT trends, predictions and priorities for 2013 and beyond. In addition, access case studies and interviews with your peers so you can learn how to deliver the best patient care possible. Learn More How to Get Paid for Meaningful Use: 7 Tips from the EHR Trenches If your vendor does not provide a strong level of support, the process of Meaningful Use attestation may be much more difficult and costly than your practice can afford - and perhaps even impossible to achieve. Read this whitepaper for important advice on the difficulties involved in meeting meaningful use requirements and how to overcome them. Learn More Video Your browser/device does not support Flash CIO Spotlight Episode 5: Ed Ricks Ed Ricks, CIO of Beaufort Memorial Hospital in South Carolina, discusses the impact of health reform on health IT with Healthcare IT News Associate Editor Erin McCann. HIMSS13TV exclusive event coverage and interviews Blogs Using Technology to Engage Patients May 21, 2013 \| Charlie Jarvis In the “computer world” in which we live today, patients are using technology to address their healthcare needs in ways that we have never seen before. More The Star Thrower, or How Healthcare Looks to Consumers May 20, 2013 \| Lisa Suennen It is always interesting how events find ways of connecting themselves together even when they seem so unrelated. More Who Writes Clinical Notes? May 20, 2013 \| Keith W. Boone This question was the fundamental question being addressed in a recent Structured Documents Workgroup meeting. At the root of it is whether or not a patient authored note belongs, or doesn't belong in the CDA Consolidation Guide as it is further developed by HL7. More Solving the Claim Overpayment Conundrum May 17, 2013 \| Terry Cameron Although “pay-and-chase” methods are still commonplace, health plans can supplement their recovery efforts with pre-payment analytics. More See all blogs June 13th @ 12PM ET -- Building the Underlying Infrastructure of a State-of-the-Art Children’s Hospital May 21st @ 11AM ET -- Microsoft’s Role in Health Analytics for an Epic Provider June 4th @ 1PM ET -- Standalone Universal Viewing Platform: A practical and affordable approach to image enabling the EMR June 12th @ 2PM ET -- Million Dollar HIPAA Penalties for Healthcare June 3rd @ 2PM ET -- Closed-Loop Clinical Documentation - An Alternative Approach to Achieving Meaningful Use of EHRs Marketplace About ▶ Contact Us Advertising Information Editorial Masthead Privacy Policy Reprints & Permission Affiliate Sites ▶ HIMSS mHIMSS HIMSS JobMine Healthcare Finance News Healthcare Payer News PhysBizTech Government Health IT ICD10Watch HIEWatch ICD-10 Playbook Healthcare IT News International Monthly Issues ▶ Subscribe Download eReader App Supplements © 2013 Healthcare IT News is a publication of MedTech Media, a division of HIMSS Media.

Blacklisted: Top 5 states with the highest number of data breaches

1. Virginia – 607 data breaches per 1,000 people

Although only having seven data breaches since the 2009 Breach Notification Rule, health organizations in Virginia have compromised the privacy and security of some 4,919,457 individuals. That’s more than half of the state’s population, which the U.S. Census Bureau has pegged at 8,096,604. Responsible for the bulk of that is the TRICARE Management Activity breach, which occurred Sept. 14, 2011. This single breach compromised the personal health information (PHI) of nearly 5 million people, effectively catapulting Virginia to the top of the list.

2. Utah – 279 data breaches per 1,000 people

View the discussion thread.

Showing 1 Comments

TomMariner say: Equal time

September 14, 2012 | 12:44 PM GMT

I missed the part in the article that stated the exact numbers of patients helped by having electronic records rather than those green folders with the numbers. And also missed the citing of the exact physical and monetary harm that was caused by the "breaches".

Not to diminish the importants of confidentiality of patient health records, but if we are to dramatically feature slackers, hackers, and offenders, isn't anybody going to consider that if you give out draconian fines for not knowing if a hearing aid record was ever looked at, but do not care how a single electronic record was used to improve outcomes for a patient or a medical professional, that we will all abandon our technology to the lawyers and go back to the green folders?

How about equal time for the great news of Health IT rather than papering the wall with easy numbers from the government. Or we could just go back to repeating every imaging study, lab test and reexamining every patient.

Featured Resources

Reliability in the Cloud - Shifting email responsibility to hosted exchange provider

Cloud-based Microsoft Exchange service features all the mission critical enterprise-class communication and collaboration capabilities of an in-house solution without the unpredictable costs and management headaches. With flexible customization options, healthcare organizations can seamlessly move to a cloud-based solution without compromising security or altering their current encryption approach. Learn More

Meaningful Use - Now or Never

Tips and tools to help healthcare professionals on the path to MU and beyond. Learn More

Improve the patient experience. Improve your technology!

Visit this resource center for IT trends, predictions and priorities for 2013 and beyond. In addition, access case studies and interviews with your peers so you can learn how to deliver the best patient care possible. Learn More

How to Get Paid for Meaningful Use: 7 Tips from the EHR Trenches

If your vendor does not provide a strong level of support, the process of Meaningful Use attestation may be much more difficult and costly than your practice can afford - and perhaps even impossible to achieve. Read this whitepaper for important advice on the difficulties involved in meeting meaningful use requirements and how to overcome them. Learn More

Video

CIO Spotlight Episode 5: Ed Ricks

Ed Ricks, CIO of Beaufort Memorial Hospital in South Carolina, discusses the impact of health reform on health IT with Healthcare IT News Associate Editor Erin McCann.

HIMSS13TV exclusive event coverage and interviews

Blogs

Using Technology to Engage Patients

May 21, 2013 | Charlie Jarvis

In the “computer world” in which we live today, patients are using technology to address their healthcare needs in ways that we have never seen before. More

The Star Thrower, or How Healthcare Looks to Consumers

May 20, 2013 | Lisa Suennen

It is always interesting how events find ways of connecting themselves together even when they seem so unrelated. More

Who Writes Clinical Notes?

May 20, 2013 | Keith W. Boone

This question was the fundamental question being addressed in a recent Structured Documents Workgroup meeting. At the root of it is whether or not a patient authored note belongs, or doesn't belong in the CDA Consolidation Guide as it is further developed by HL7. More

Solving the Claim Overpayment Conundrum

May 17, 2013 | Terry Cameron

Although “pay-and-chase” methods are still commonplace, health plans can supplement their recovery efforts with pre-payment analytics. More