Mississippi hospital sees HIPAA breach

Could involve tens of thousands

Officials at the University of Mississippi Medical Center have issued a breach notice after laptop computer containing patients' personal health information went missing from a clinical area in January. 

According to UMMC, the total number of patients affected is unknown, and individual patient notifications have not been sent. 
 

On Jan. 22, UMMC officials were notified that the unencrypted laptop was missing. The laptop was a shared device, used by UMMC clinicians working in a non-public, patient-care area, officials say. 
 

The laptop may have contained PHI of adult patients seen at UMMC between 2008 and January 2013, including names, addresses, dates of birth, Social Security numbers, diagnoses, medications, treatments and other clinical information. At this time, the medical center is not releasing which department the laptop went missing from, but Jack Mazurak, spokesperson for UMMC, said it could be thousands of patients per year seen in this particular department. Overall inpatient admissions at the 722-bed UMMC total close to 28,000 annually. 
 

“We take the privacy and security of our patients very seriously and Medical Center staff responded quickly to this incident to protect our patients’ personal and protected health information,” said James Keeton, MD, UMMC vice chancellor for health affairs. 
 

“We believe it is unlikely the information on this computer has actually been viewed, accessed, used or disclosed. However, this incident is troubling and we are doing all we can to remedy the situation and prevent incidents like this in the future.”
 
The laptop has yet to be recovered.