Another Medical Center Charged with HIPAA Breach

Posted by BAS - 04 August, 2016

header-picture

The University of Mississippi Medical Center entered into a $2.75 million penalty agreement with the Department of Health and Human Services Office for Civil Rights.  HHS charged UMMC with multiple HIPAA violations stemming from their report of a loss of a laptop containing 328 files with PHI of about 10,000 patients.

In 2013, UMMC reported to HHS that a laptop was missing from the Center’s intensive care unit.  It is likely that the laptop was stolen by a visitor.  While the laptop was password protected, HHS determined that UMMC had breached the Security Rule.  This is because PHI stored on a UMMC network drive was open to unauthorized access through UMMC’s wireless network due to the fact that users could use a generic username and password to access an active directory containing 67,000 files.

UMMC agreed to pay $2.75 million and implement a compliance plan including a review of its HIPAA privacy, security and breach notification practices.


Recent Posts

Question of the Week - Allergy Medicine

read more

New Guidance on Tracking Technologies and HIPAA

read more

Enhancing Benefits Administration Efficiency: MyEnroll360's New Hire Waiting Period Management

read more