UMC under FBI investigation for violation of HIPAA

More than 100 people have been notified by University Medical Center that their personal information might have been compromised and the center has suspended six of its staff members under this charge and also for their casual treatment of a pregnant woman looking for help in the emergency room.

Under the investigation it came out that Roshunda Abney, 25, was ignored for so long at the hospital that she went home and gave birth to a premature baby that later died. Others who were in the waiting room supported Abney and her fiancé that they were ignored for several hours until they finally left.

In response to the second investigation, UMC sent out more than 100 notification letters letting people know their personal information might have been illegally shared with others. The 100 letters sent out notify 71 patients who used the hospital’s Trauma Center Oct. 31 or Nov. 1 and people who accompanied the patients and provided personal information to the hospital. Those getting the letters have been offered free credit monitoring for a year as compensation. A second letter will be sent in the next couple of days explaining how to use the service now that the contract is complete.

The FBI has launched an investigation into the violations of the federal Health Insurance Portability and Accountability Act, (HIPAA) — which includes penalties of up to $250,000 in fines and 10 years in jail. “The FBI feels that they have made some progress in the investigation — they don’t exactly keep us daily updated — but we do feel that they are handling the investigation appropriately and we expect to get to the bottom of this,” Silver said.

For future precautions, UMC has taken further steps to improve the protection of patient information. From now, UMC employees will be required to enter a personal identification number on copy machines in patient care areas so photocopies can be tracked and audited. Also, hospital officials are evaluating where additional electronic door access controls might be needed to further improve the security of patient information.

In case of any breach, if the source of the leak is found, Silver said, the hospital will insist the person is criminally prosecuted. “If, as it has been suggested, there have been data leaks, then we will get to the bottom of it and we will take the appropriate action,” she said. “These are criminal offenses, they’re very serious.”