After a laptop containing several thousand hospital records was lost, Accretive Health has been taken to court by the Minnesota Attorney General. In addition to being charged with violations of HIPAA regulations, Accretive Health is facing charges of consumer fraud and deceptive practices.
On January 19, the Minnesota Attorney General filed a civil lawsuit against the business associate,Accretive Health, Inc., after one of their employees lost a laptop containing personal and health details for up to 23,000 patients from the company’s medical clients.
Accretive Health had been hired to undertake a “Quality and Total Cost of Care” service agreement for
two hospitals, managing their revenue cycle process in exchange for certain incentive payments.
During this time, the aforementioned laptop was stolen from a car owned by one of Accretive’s
In the lawsuit, the Attorney General states that the business failed to implement the proper encryption measures when it came to securing the information on the stolen laptop. It is also alleged that the company failed to notify patients about its role in the hospitals’ revenue cycle processes, violating several consumer fraud and deceptive practices laws as well.
Accretive now faces a penalty of up to $25,000 per year as well as potential financial liability and loss of reputation. This new case reinforces the risks that business associates face in the event of a data breach, not to mention the severe scrutiny that they will be put under should this type of scenario occur.
More HIPAA HITECH Resources:
The complete HIPAA Privacy, Security and Breach regulations are here.
We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.