Improper Disposal breaches reported to HHS OCR
A breach categorised as Improper Disposal is one HHS OCR recorded under that heading on its HIPAA Breach Reporting Portal. In 2023-10-12 to 2026-06-16 there were 1 such breaches affecting 500+ individuals — 0.1% of all reported breaches, ranking it #4 of 4 types by volume, and affecting 34,675 individuals.
Quick answer
In 2023-10-12 to 2026-06-16, HHS OCR recorded 1 improper disposal breaches of unsecured protected health information affecting 500+ individuals, which is 0.1% of the 726 breaches reported across all types and makes it the #4 most common of 4. These breaches affected 34,675 individuals in total.
Source: U.S. HHS Office for Civil Rights — HIPAA Breach Reporting Portal (HIPAA Cases Currently Under Investigation (breaches affecting 500+ individuals)), under HITECH Act s.13402(e)(4); HIPAA Breach Notification Rule. This is a work of the U.S. federal government in the public domain. Figures are record counts and reported affected-individual totals for 2023-10-12 to 2026-06-16, retrieved 2026-06-27. Presented neutrally; this is statistics, not legal advice.
Recent improper disposal breaches
The 1 most recent breaches of this type in 2023-10-12 to 2026-06-16, exactly as reported to HHS OCR.
| Date | Covered entity / business associate | State | Individuals |
|---|---|---|---|
| 05/02/2025 | Anesthesia Associates of Morristown, P.A. | NJ | 34,675 |
Other breach types
Compare with every other breach type's reported volume in 2023-10-12 to 2026-06-16.
Or return to the US healthcare data breaches hub for the full breakdown by state and the 356,175,086 individuals affected overall.
FAQ
- How many improper disposal healthcare breaches were reported to HHS OCR in 2023-10-12 to 2026-06-16?
- HHS OCR's portal lists 1 breaches categorised as improper disposal affecting 500 or more individuals in 2023-10-12 to 2026-06-16, collectively affecting 34,675 individuals. That is 0.1% of the 726 breaches reported across all types, ranking improper disposal #4 of 4 categories by volume. Figures are taken directly from the HHS OCR HIPAA Breach Reporting Portal.
- What does "Improper Disposal" mean on the HHS breach portal?
- HHS categorises a breach as Improper Disposal when protected health information was not securely destroyed before disposal — paper records left intact or storage media that was not wiped. It is a small but entirely preventable category.
- How can a healthcare organization prevent improper disposal breaches?
- Because improper disposal accounts for 0.1% of reported breaches in this data, the most effective controls are practical: multi-factor authentication and least-privilege access, prompt patching of internet-facing systems, encryption of protected health information at rest and in transit, tested offline backups, redaction and recipient checks before disclosure, and a rehearsed 60-day breach-response process. A structured compliance audit maps your data flows against the HIPAA Security Rule.
Data retrieved 2026-06-27 · reporting window 2023-10-12 to 2026-06-16.
Harden your data protection before it becomes a breach report
The overwhelming majority of the breaches in this data are hacking/IT incidents and unauthorized access — both reducible with basic access, email and backup controls. GeraCompliance's fixed-scope compliance sprint maps your data flows, hardens the controls behind these breach types, and leaves you with a tested incident-response plan — in days, not months.