25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Mississippi’s Magnolia Health Fires Employee for PHI Disclosure

Posted By on Feb 24, 2016

Magnolia Health, a health insurance company serving Mississippi’s Medicaid population, has announced it has fired an employee for inappropriately accessing the protected health information (PHI) of “numerous Magnolia Health members” and disclosing those data to a relative.

The disclosure of PHI was against company regulations and the now former employee has not received authorization from the company or patients to share their data. The disclosure happened on two occasions: October 28, 2015., and November 8, 2015. The data were emailed from the employee’s work email account to a personal account and email account of a relative.

Upon discovery of the privacy breaches the Centene Corporation subsidiary conducted an investigation which resulted in the termination of the employment contract of the employee in question. Written statements were obtained from the employee and the recipient of the PHI stating they had not disclosed the data to any other individuals. Magnolia Health also viewed the personal email accounts of both individuals to confirm that all copies of the data had been deleted.

The data emailed from the employee’s account included the names of health plan members, their addresses and telephone numbers, dates of birth, Medicaid ID numbers, and Social Security numbers. No reason was given as to why the data were emailed to the relative.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Magnolia Health has not disclosed how many individuals had their PHI compromised by the employee; however, the privacy breach was reported to the Mississippi Division of Medicaid. A breach report has not been added to the Department of Health and Human Services’ Office for Civil Rights breach portal. This suggests that the data breach affected fewer than 500 individuals. A substitute breach notice was posted on the Magnolia Health website on February 19, 2016.

All affected patients have been notified of the disclosure of their PHI and all have been offered a year of credit monitoring and identity theft protection services without charge.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist