Illinois Health System Agrees To $5.55 Million Settlement Over Data Breach
The settlement HHS reached with Advocate Health Care Network is the largest ever by a single company for potential violations of the federal patient privacy law.
Morning Consult:
HHS Reaches $5.55 Million Settlement With Illinois Health System
One of the largest health systems in the country reached a $5.55 million settlement with the Obama administration over potential HIPAA violations, the Department of Health and Human Services announced Thursday. The settlement between Advocate Health Care Network, Illinois’ largest integrated health system, and HHS’s Office for Civil Rights is the largest to date with a single entity. (Owens, 8/4)
CNBC:
Huge Data Breach At Health System Leads To Biggest Ever Settlement
Advocate Health Care Network, which operates 12 hospitals and more than 200 other treatment locations in Illinois, will pay $5.55 million to the U.S. Health and Human Services Department as part of the settlement announced by HHS on Thursday. Advocate Health Care, which remains under investigation for the data breaches at a subsidiary by the Illinois Attorney General's office, also will be required to adopt a corrective action plan for its data security. The breaches, two of which involved thefts of computers, occurred at a physicians' group that is the largest in the Chicago area. (Mangan, 8/4)
Chicago Tribune:
Advocate To Pay $5.5 Million Over Data Breach
The settlement with the federal government follows an investigation that began in 2013 when Advocate reported three separate data breaches involving its physician-led medical group subsidiary, Advocate Medical Group. The breaches involved the electronic health information of 4 million people, including medical information, names, credit card numbers and birthdays, among other things. (Schencker, 8/4)
Modern Healthcare:
Advocate Health To Pay Largest HIPAA Settlement
Advocate Health Care has agreed to pay $5.55 million to settle multiple data protection violations over the past three years, marking the largest Health Insurance Portability and Accountability Act settlement HHS has ever received. HHS' Office of Civil Rights said the massive settlement was due to the extent and duration of the Downers Grove, Ill.-based health system's noncompliance with data security laws, as well as the number of patients affected by the security violations with its electronic protected health information, or ePHI. (Teichert, 8/4)