UMass Memorial pays $230K to settle data breaches affecting 15K patients

UMass Memorial Health Care in Worcester, Mass., agreed to pay a $230,000 settlement to resolve claims that two separate data breaches exposed the personal and health information of more than 15,000 patients.

A complaint filed one week before the settlement was announced claimed that two former UMass Memorial employees improperly accessed patients' personal and protected health information for fraudulent purposes. Patients' names, addresses, Social Security numbers, clinical data and health insurance information were exposed.

The state Attorney General's Office claimed the hospital violated HIPAA, as well as the Consumer Protection Act and the Massachusetts Data Security Law, when it allegedly failed to adequately protect patient data. Specifically, the complaint alleges the hospital was aware of its employees' misconduct, but that it didn't investigate the incidents or take action against the employees involved.

"Massachusetts residents rely on their healthcare providers to keep private health information safe and secure," Attorney General Maura Healey said in a news release. "This resolution ensures UMass Memorial implements important measures to prevent this type of breach from happening again."


© Copyright ASC COMMUNICATIONS 2020.

