The Office of Civil Rights (OCR), the unit of the Department of Health and Human Services (HHS) responsible for monitoring health information breaches, recently reported that the total number of Americans affected by large data breaches has surpassed 10 million individuals.

With the enactment of the Health Information Technology for Economic and Clinical Health Act (HITECH) and its Breach Notification Rule in 2009, covered entities were formally required to report to the OCR data breaches affecting 500 or more individuals as they happen. Thus with a data breach affecting 1.9 million Americans reported by California-based Health Net Inc. on Jan. 21, the total surged past the 10-million mark since monitoring began on Sept. 22, 2009.

The Health Net breach was reported when its business associate IBM said "it could not locate several server drives" containing personal health information (PHI).

The latest report covers breaches through Feb. 8, 2011.

Our All-On-One HIPAA Information Poster details the security and privacy requirements of both HIPAA and HITECH. Get yours today and keep your workforce informed of their rights and obligations.