Healthcare Data Breach Statistics

HIPAA Journal

The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. This page is regularly updated to reflect the latest healthcare data breach statistics.

What is a HIPAA Violation?

HIPAA Journal

Two of the HIPAA violation categories are designated for Covered Entities and Business Associates that can demonstrate reasonable due diligence, whereas the other two are for entities guilty of willful neglect. They were significantly increased in the HITECH Act of 2009; and, since 2015, they have been adjusted for inflation annually.

The Value of an Enterprise Active Data Archive Begins with Patient Safety

HIT Consultant

Government mandates were an impetus for change, starting with the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009 to “promote the adoption and meaningful use of health information technology” (Office of Civil Rights (OCR), 2017).

Top Security Certifications Required for Data Protection

HIT Consultant

Independent software vendors (ISVs) that offer products utilizing cloud services must also do their due diligence and ensure that their cloud services provider has third-party certifications such as HITRUST or PCI DSS compliance to protect their customers’ data and their reputation as a trusted vendor.

Government Delay Reduces False Claims Act Verdict – How Can This Protect Your Practice?

Hall Render

The government must also act with due diligence to preserve its claim. The Fifth Circuit noted that the government reasonably should have known facts material to its causes of action at that time, thus the government cannot invoke the FCA’s tolling provision, and its claims against the defendant before September 2009 should be barred.

Third-Party Cyberattacks: The Healthcare Sector’s Achilles’ Heel

HIT Consultant

This includes thorough due diligence before onboarding new vendors, continuous monitoring of their security practices, and clear contractual agreements that outline security expectations. Prior to that, they worked at East Sussex County Council as a School ICT Applications Manager from September 2009 to June 2011.

How to Become HIPAA Compliant

HIPAA Journal

For example, healthcare providers that outsource claims and billing operations do not have to comply with Part 162 of the Regulations – although it is necessary to know what they are in order to conduct due diligence on third party service providers.
