Spotlight: North Memorial Health Care to cough up $1.55M for third-party data breach


Minnesota-based North Memorial Health Care has agreed to pay $1.55 million in fines to settle charges that it potentially violated HIPAA rules in a 2011 breach of medical records, in which an employee of third-party business associate Accretive Health reported a laptop with unencrypted medical records was stolen. The Department of Health and Human Services charged that North Memorial Health Care failed to enter into a business associate agreement with Accretive and failed to conduct an organizationwide risk analysis for its patient information.