Miss. Medical Center Fined $2.75M for HIPAA Violation

The medical center agreed on a corrective action plan as part of the settlement.

The Department of Health and Human Services’ Office for Civil Rights announced a $2.75 million fine following a Mississippi health center’s patient privacy violation.

The July 22 announcement comes after an OCR investigation determined the University of Mississippi Medical Center violated the Health Insurance Portability and Accountability Act, or HIPAA, multiple times in 2013, reports thehill.com. The medical center did not admit liability for the violations as part of the settlement.

The violations stem from what federal officials deemed inadequate computer security measures that were in place when a laptop in the hospital’s intensive care unit was likely stolen. The laptop held the protected health information, or PHI, of 10,000 patients.

RELATED: OCR Enters $650K Agreement with Healthcare Business Associate

An investigation into the computer theft determined that many parts of the patient record database were accessible without log in credentials, although a password was required to access the health center’s network. Federal investigators also characterized the username and password for the device as “generic.”

Under the settlement, UMMC will address security deficiencies identified in the investigation. Those problems include the absence of tracking features on network accounts accessing patient health information, the lack of physical safeguards for workstations containing protected data and the failure to alert all patients that may have been affected by the computer theft.

UMMC released a statement saying that it has undertaken several initiatives aimed at improving data security since the 2013 computer theft, including the mandatory installation of encryption software on all computers.

UMMC also hired an outside firm to assess its cybersecurity measures. That firm helped the medical center overhaul its IT security program.

Read Next: OCR Sends Message to Healthcare Industry with 2 HIPAA Settlements

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo