Just because HIPAA breaches don't make the nightly news doesn't mean they aren't happening -- and in large numbers, a new report indicates. The HHS Office for Civil Rights received 207 reports of HIPAA breaches that involved 500 or more individuals during 2010, which resulted in about 5.4 million individuals being affected by large breaches, according to the new Annual Report to Congress on Breaches of Unsecured Protected Health Information. The top five causes of incidents were theft, loss of electronic media or paper records containing protected health information (PHI), unauthorized access to use (or disclosure of) PHI, human error, and improper disposal. The largest reported theft affected 1.9 million individuals, and involved the theft of backup tapes that contained electronic medical records that were being transported to a vendor's site. Many of the additional breaches involved the theft of laptops (see related story, p. 264). Smaller breaches: More than 25,000 incidents of smaller breaches (each affecting fewer than 500 individuals) were reported to HHS in 2010, most of which involved misdirected communications -- for instance, a fax with PHI mistakenly sent to the wrong person, the report indicates. The report is at www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachrept.pdf.