On July 21, the Department of Health and Human Services' Office for Civil Rights (OCR) announced an agreement with the University of Mississippi Medical Center (UMMC) under which UMMC agreed to pay $2.75 million to settle multiple alleged HIPAA violations. OCR's investigation of UMMC arose out of a data breach in which unsecured electronic protected health information of about 10,000 patients was exposed to unauthorized access.
OCR's investigation determined that UMMC had been aware of risks and vulnerabilities in its computer systems since 2005, but never took proper steps to remediate the problems. The potentially compromised patient records dated back to 2008.
Among other problems, OCR found that UMMC had not implemented policies and procedures required under the HIPAA Security Rule, properly restricted access to its computer network, or notified the individuals believed affected by the breach.
Eric Fader was quoted in a July 28 article, "Miss. Hospital Pays $2.75M to Resolve Alleged HIPAA Violations," in Bloomberg BNA's Health Care Daily Report. In the article, Eric said that the UMMC settlement is the latest indication that the OCR has shifted its enforcement efforts into high gear. Several of the HIPAA settlements announced by the OCR since late last year have involved a lack of effective risk management.
"There is no question that the OCR understands the importance of repetition in marketing, even when what's being marketed is the need for regulatory compliance rather than a specific product or service, and I believe we're likely to see the current wave of settlement announcements continue for some time," Eric said.