The University of Mississippi Medical Center (UMMC) has agreed to pay $2.75 million to settle multiple alleged violations of the Health Insurance Portability and Accountability Act (HIPAA), following an investigation by the U.S. Department of Health and Human Services, Office for Civil Rights (OCR).
“OCR’s investigation of UMMC was triggered by a breach of unsecured electronic protected health information (‘ePHI’) affecting approximately 10,000 individuals. During the investigation, OCR determined that UMMC was aware of risks and vulnerabilities to its systems as far back as April 2005, yet no significant risk management activity occurred until after the breach, due largely to organizational deficiencies and insufficient institutional oversight.”
OCR reports that UMMC will pay a penalty of $2,750,000 and adopt a corrective action plan to help assure future compliance with HIPAA Privacy, Security, and Breach Notification Rules.