Rochester University Reaches HIPAA Settlement with AG

The University of Rochester Medical Center will provide additional patient privacy training to employees and pay a $15,000 fine as part of the settlement.

New York Attorney General Eric Schneiderman and the University of Rochester Medical Center reached a settlement over a patient privacy violation on Dec. 11.

As part of the settlement the medical center agreed to train its workforce on protecting patient health information and pay a $15,000 fine, according to legalnewsonline.

The HIPAA violation occurred when a nurse practitioner switched employers and gave Greater Rochester Neurology, or GRN, a list of over 3,000 URMC patients. GRN then used the list to contact the patients and try to get them to switch health care.

RELATED: Businesses Associated With Hospitals Could Face HIPAA Audits

Although the breech isn’t considered particularly egregious and the fine amount is relatively small, the settlement sets an important precedent for other healthcare facilities.

In 2009, the Health Information Technology for Economic and Clinical Health Act gave state attorney generals the power to enforce HIPAA rules by seeking civil actions against hospitals. Although it is uncommon, healthcare facilities could see more actions brought against them by attorney generals in the future.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo