UMMC to pay $275M penalty related to potential patient data breach

UMMC announced the penalty Friday in a news release. However, the medical center and the Office for Civil Rights of the U.S. Department of Health and Human Services reached an agreement on the matter on July 7.

According to an Office for Civil Rights statement, the laptop was probably stolen by a visitor at the hospital. After entering a username and password, the user could access an active directory that contained 67,000 files. According to the statement, the directory contained 328 files that contained information about approximately 10,000 patients. It dates back to 2008.

UMMC claims there is no evidence that patients’ health information has been accessed or disclosed. In an email to Mississippi Today, Tom Fortner, a spokesperson for UMMC, said that no former patient had contacted him to say that their personal information had been compromised.

Although UMMC notified all interested parties of the possible information breach via its website and sent out a press release to media outlets about it, the medical center didn’t notify every individual whose information could be accessed through the laptop. Fortner stated, “We didn’t feel we had sufficient contact information for individuals affected” or a way to create a reliable list to make contact with them. “So, as required under the (Health Insurance Portability and Accountability Act), we posted information about this breach on our website for 90 days and gave information about it to the media,” UMMC stated.

The penalty money will be paid from its health-care operations revenues. UMMC has agreed to launch a three-year corrective action plan. This will include an update to its information security policy that will state that UMMC will notify all individuals affected by a breach.

Fortner stated that patients can trust the fact that we have made significant improvements to our processes and procedures since the incident.
“Our staff are committed to protecting the privacy of patients as part of their ethical responsibility.”

Friday’s calls and messages to a spokesperson for the U.S. Department of Health and Human Services were not returned. The agreement states that UMMC will not admit liability. However, it does not mean that the medical center is in violation.