Ill. Health Center to Pay $5.5M HIPAA Settlement

The settlement stems from the theft of an unencrypted laptop from an unlocked car in 2013.

An Illinois health center agreed to the largest single-entity HIPAA settlement ever after a network breach affected as many as 4 million of its patients.

Advocate Health Care Network agreed to pay $5.55 million and adopt a corrective action plan following a lengthy investigation by the Department of Health and Human Services’ Office for Civil Rights.

The breach involved the health system’s physician practice, Advocate Medical Group, which was found to have several inadequate security measures in place to protect patient data, reports

RELATED: Cyberattack on Ariz. Healthcare System May Affect Data of 3.7 Million

The breaches compromised patient names, addresses, birthdates, demographics, clinical records, insurance records and credit card numbers, the OCR said in a statement Aug. 4.

The OCR began investigating the data breach in 2013 and determined that the practice conducted insufficient risk assessments to patient data, didn’t fully control access to its data centers, lacked required business associate agreements with vendors and failed to safeguard an unencrypted laptop when left in an unlocked vehicle overnight.

Despite the investigation’s findings, it was not officially determined that Advocate Health Care violated HIPAA, the patient privacy and security law.

The OCR says it hopes the settlement sends a message to healthcare entities about the importance of having strong risk management and analysis procedures in place. Specifically, the office says entities should implement “physical, technical and administrative security measures sufficient to reduce the risks to ePHI in all physical locations and on all portable devices to a reasonable and appropriate level.”

Read Next: Boston Hospital’s Vendor Announces Patient Data Breach

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo