As physicians and other covered entities evaluate EHR systems, a recurring question is security from intrusion or other breach.  Counterintuitively, a recent blog post at suggests that the safest place for health data to reside may be "cloud-based" systems.

In the post, entitled HHS Data Tells the True Story of HIPAA Violations in the Cloud, analyst Michael Koploy reviewed the HHS "Wall of Shame" that lists breaches involving 500 or more individuals and broke them down according to causation. He noted that "physical theft and loss accounted for about 63% of the reported breaches. Unauthorized access / disclosure accounted for another 16%, while hacking was only 6%."  Only seven reported violations involved EHR systems, and none of them were off-site, cloud based databases.  The most common breaches involved loss or theft of portable devices or paper records.

It is possible that the emerging cloud-based EHR storage alternative represents too small a percentage of total health records to account for significant breaches, to date. However, based on the incidents reported to HHS, there are a lot less secure places to store your data.