Trends and characteristics of protected health information breaches in the United States.

OBJECTIVES: To evaluate the data breaches incidents in the U.S. between 2010 and 2018, identify the characteristics of breaches involving more than a million records, and compare the changes before and after wide adoption of EHR in 2015. MATERIALS AND METHODS: Incidents of data breaches between 2010 to 2018 were retrieved from the Office of Civil Rights portal. Descriptive statistical analyses were performed to assess the trends and characteristics, and changes between states from 2015 to 2018 were assessed and mapped. RESULTS: From 2010 to 2018, a total of 2,529 breaches affected 194.74 million individual records. Overall, 72.08% incidents involved healthcare providers; theft (32.94%) and hacking (22.7%) were major types of breaches. Large cases affecting more than a million records happened due to compromised internal structures and systems. After 2015, the magnitude of the data breaches has changed at varying levels in the U.S. states necessitating further research and actions.