Another Medical Center Charged with HIPAA Breach

Posted by BAS - 04 August, 2016


The University of Mississippi Medical Center entered into a $2.75 million penalty agreement with the Department of Health and Human Services Office for Civil Rights. HHS charged UMMC with multiple HIPAA violations stemming from its report of the loss of a laptop containing 328 files with the PHI of about 10,000 patients.

In 2013, UMMC reported to HHS that a laptop was missing from the Center’s intensive care unit. It is likely that the laptop was stolen by a visitor. While the laptop was password protected, HHS determined that UMMC had breached the Security Rule. PHI stored on a UMMC network drive was open to unauthorized access through UMMC’s wireless network, because users could use a generic username and password to access an active directory containing 67,000 files.

UMMC agreed to pay $2.75 million and implement a compliance plan including a review of its HIPAA privacy, security and breach notification practices.
