UMMC, MSDH inform patients of personal health information breach
Published on Tuesday, December 20, 2011
Published in Press Releases on December 20, 2011 (PDF)
The University of Mississippi Medical Center and the Mississippi State Department of Health are informing nearly 1,500 participants in research studies of a breach of their personal health information.
A UMMC faculty member had been assigned a laptop for use in the studies. On Oct. 31, a UMMC employee reported that the laptop used for storing participants' personal health information was stolen from the clinic.
The laptop contained databases of information collected for certain research studies. The databases were password protected. The first database stored health information of patients who had been seen at a MSDH clinic located in the Jackson Medical Mall Thad Cochran Center. MSDH has confirmed that patients who agreed to participate in a study at the clinic gave permission for UMMC to use their personal health information.
The first database, involving about 1,400 patients, included medical record numbers, age, sex, race, zip code and blinded lab results. The information did not include patient names, addresses, Social Security numbers, or any financial information. Though it is possible for patients to be identified, the odds of it occurring are extremely low based on how the information is labeled in the database.
UMMC and MSDH are working together to notify these 1,400 patients impacted by the breach through letters mailed Dec. 19.
A second smaller database also was contained on the laptop and included sensitive protected health information of approximately 75 UMMC patients. These patients are being contacted directly by UMMC.
"We take any breach of patients' personal health information very seriously, and we apologize for this occurrence. We are reviewing our study procedures to prevent this from happening again," said Dr. James Keeton, UMMC vice chancellor for health affairs.
The laptop theft occurred when UMMC employees failed to follow departmental guidelines and left the laptop unsecured for a short period of time. Since then, disciplinary actions have been taken against the responsible employees.
Despite vigorous efforts, attempts to recover the stolen laptop have been unsuccessful. The clinic has safeguards in place to ensure the privacy and security of all patient health information, when procedures are properly followed.
For more information, patients notified of the breach may call UMMC toll free at 1-855-241-2575 between 8 a.m.-4:30 p.m. They also can email inquiries to hipaaprivacy@umc.edu.