CWmike writes: "Over the past three years, about 21 million patients have had their medical records exposed in data security breaches that were big enough to require they be reported to the federal government. Since Sept. 2009, 477 breaches affecting 500 people or more each have been reported to the Office for Civil Rights (OCR) under the U.S. Department of Health and Human Services. In total, the health records of 20,970,222 people have been compromised, the OCR said. It has been updating a list of the breaches on its website. The list is known to the health care industry as "The Wall of Shame." Six health care organizations listed on The Wall of Shame reported security breaches that involved one million or more records. How did this come about? The breach notification and reporting is part of new rules under the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009."