Massachusetts Settlement for Impermissible Use

Veriphyr proactively reports impermissible use of PHI the first time it happens.

University of Massachusetts Memorial Medical Group Inc. and Memorial Medical Center Inc. each face investigation by the Massachusetts Attorney General Maura Healey.


Large Scale Privacy Breach by Employees

Between the two different breaches, the personal and protected health information (PHI) of over 15,000 patients has been exposed. The breached PHI includes names, addresses, social security numbers, clinical information and health insurance information.

Two former employees of the University of Massachusetts health systems are responsible for the breaches. They impermissibly accessed patients’ PHI with the intention of opening cell phone and credit card accounts.

However, while the former employees committed the crime, the hospitals themselves were also found guilty of breaking the law.


Responsibility Falls On the Hospital’s

The office of the Massachusetts Attorney General found the University of Massachusetts Memorial Medical Group and Memorial Medical Center to be in violation of the Consumer Protection Act, the Massachusetts Data Security Law, and the Health Insurance Portability and Accountability Act (HIPAA).

Healthcare organizations are responsible for their employees actions legally, financially, and when considering the organization’s  reputation.

This lawsuit alleges that the two University of Massachusetts entities knew of the misconduct but failed to properly investigate complaints, failed to discipline the employees in a timely way, and take other steps to safeguard the information.


In Conclusion

As a result, the two organizations will pay a total of $230,000 between them. In addition, the university hospital system will add employee background checks, thorough employee training, and limits to employee’s access to patient information.

The groups have committed to identify and fix all potential data security issues, and will investigate any suspected any current impermissible use.

According to the agreement with the Attorney General, the University of Massachusetts will hire an independent third-party to do such reviews. They will give the review to the Attorney General’s office.

“This resolution ensures UMass Memorial implements important measures to prevent this type of breach from happening again.”  – Attorney General Healey


Advanced Data Analytics

Veriphyr’s advanced data analytics helps healthcare organizations detect impermissible use of patient data the first time it happens.



(a) Data Breaches – September 20th, 2018