Top Five Best and Worst States for Privacy Breaches
When it comes to health data privacy breaches, some states are doing a worse job protecting patient privacy than others, according to an analysis of government data.
Since September 2009, 489 breaches affecting 500 or more people have been reported to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). Collectively, breaches over the past three years have affected over 21 million people who have had their medical records and personal information compromised, lost, or stolen, according to the publicly accessible breach list posted on OCR’s website.
(See this Journal article for more information on the OCR breach reports.)
Based on OCR data, large scale breaches appear to take place more frequently in some states than others. A recent article from Healthcare IT News ranked the top five states with the most data breaches.
Since states with the highest populations likely would also have the highest number of breaches, the article authors accounted for population differences from state to state and the data was analyzed by number of records breached per 1,000 people.
The article only analyzed large scale breaches affecting over 500 people, which must be reported to OCR and posted on its website. This analysis and list does not factor in those breaches affecting under 500 people.
The Worst Offenders
According to the article, the top five worst states for breaches per 1,000 people were:
1. Virginia: 607 breaches per 1,000 people. The majority of the breaches for Virginia originate from the TRICARE Management Activity data breach on September 14, 2011.
2. Utah: 279 breaches per 1,000 people. This number represents a significant drop from the top breach offender, Virginia.
3. New Hampshire: 176 breaches per 1,000 people. Although New Hampshire has only seen two privacy breaches since the rule took effect in 2009, they account for the state’s total 232,171 impacted records.
4. Tennessee: 167 breaches per 1,000 people. Though Tennessee has had 17 breaches since 2009, the Blue Cross Blue Shield of Tennessee data breach makes up the bulk of their issues—the breach is thought to have compromised more than 1 million patients’ information.
5. South Carolina: 141 breaches per 1,000 people. The total number of breached records in South Carolina is the result of eight breaches, with the largest portion of impacted records stemming from of a Spartanburg Regional Healthcare System breach.
The Golden Children
The article also included a list of the top five “Golden Children,” those states with the fewest number of breached records per 1,000 people:
1. Hawaii: 0 breaches per 1,000 people
2. Maine: 0 breaches per 1,000 people
3. South Dakota: 0 breaches per 1,000 people
4. Vermont: 0 breaches per 1,000 people
5. North Dakota: 1 breach per 1,000 people. The theft of a laptop compromised the information of 650 patients.
Even when accounting for population, some of the lowest populated states also appeared to be the best at preventing health information breaches, according to the article.