The University of Mississippi Medical Center is the most recent HIPAA security breach to be reported according to Healthcare IT News. A laptop computer containing patient’s personal health information went missing from a clinical area in January.
According to officials at UMMC, the total number of patients impacted by this HIPAA security breach is unknown and individual patient notifications have not been sent. As they are unaware of the exact patient data on the device, UMMC will be unable to comply with regulations of personally notifying the affected patients.
This unencrypted laptop was a shared device, used by UMMC clinicians working in a non-public, patient-care area. The number of HIPAA violations caused by unencrypted laptops has skyrocketed in recent months.
The laptop missing from the UMMC medical center may have contained PHI of adult patients seen between 2008 and January 2013 and may consist of names, addresses, dates of birth, social security numbers, diagnoses, medications, treatments and other clinical information. The UMMC is not releasing which department the breach occurred in.
According to UMMC vice chancellor for health affairs, James Keeton, MD “We believe it is unlikely the information on this computer has actually been viewed, accessed, used or disclosed. However, this incident is troubling.”
The laptop has yet to be recovered. In addition to the HIPAA violation, think of the patients that may have their personal information at risk. Incidents like these can cost far more than a hefty penalty. Identity theft is a real risk and HIPAA regulations are intended to protect patients’ privacy.
HIPAA violations are preventable. UMMC could have prevented a breach from occurring simply by practicing basic security practices. Besides physical security of the laptop itself, encryption of laptop hard drives is fairly common practice in industries that need to meet compliance and information security standards.
New HIPAA guidelines are coming into effect. All covered entities and business associates must meet HIPAA compliance regulations before September 23rd. Are you ensuring all your suppliers are HIPAA compliant? Give us a call and we can help ensure your IT systems meet HIPAA rules and that your patient information is secured.
Securing your healthcare information is critical. Call us today and speak with our IT security professionals and lets get your healthcare facility secured.
