Companies ranging from hospitals, health care plans and business associates can handle HIPAA-protected personal data. The HITECH Act requires that breaches affecting 500 or more individuals be reported to the U.S. Department of Health and Human Services. This lists all reported breaches from covered entities that reported their location as California.
The data lists breaches reported from the implementation of the HITECH Act in late 2009 through Jan. 11, 2015.