Advocate Health Care Network (Advocate) has agreed to pay $5.55 million to settle with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), multiple potential Health Insurance Portability and Accountability Act (HIPAA) violations involving electronic protected health information (ePHI). This is the largest HIPAA settlement to date against a single entity.
“We hope this settlement sends a strong message to covered entities that they must engage in a comprehensive risk analysis and risk management to ensure that individuals’ ePHI is secure,” said OCR Director Jocelyn Samuels, quoted in a press release. “This includes implementing physical, technical, and administrative security measures sufficient to reduce the risks to ePHI in all physical locations and on all portable devices to a reasonable and appropriate level.”