The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services has reached a settlement of $2.75 million with the University of Mississippi Medical Center (UMMC) in Jackson concerning the matter of a missing laptop.
The laptop was stolen in March of 2013 and contained a database that contained patient records, according to MsNewsNow. While there is no evidence to show that the information has been accessed from an outside source, the OCR found holes in UMMC’s polices and procedures in protecting its patients' personal health information.
The settlement also includes the following:
- UMCC is required to implement a corrective action plan within the next three years that must include a notification be sent to all effected patients in the case of a data breach.
- UMMC is required to give each healthcare personal individual identification when accessing patient data.
- All laptops must have encryption software installed.
- The position of its Chief Information Security Officer must be updated to ensure better protection.
- An entire update is needed for the IT security program from an outside firm.
“Our patients should never have to doubt that their privacy is a sacred trust that we are committed to protecting as part of our core ethical values,” said LouAnn Woodward, MD, UMMC vice chancellor for health affairs. “We have learned from this experience and are working hard to ensure that our information security program meets or exceeds the highest standard.”