Contributed by Lee Kim, Esq.
Lori Swanson, the Minnesota Attorney General, announced that Accretive Health, Inc., the Chicago debt collector that managed the revenue operations of several Minnesota hospitals, will cease operations in Minnesota as a result of a settlement agreement. In addition, Accretive cannot reenter Minnesota for a period of six (6) years without the agreement of the Attorney General.
A laptop containing unencrypted data on over twenty-three thousand (23,000) patients of Fairview Health Services and North Memorial Health Care was stolen from an Accretive employee’s rental car. The company was engaged in debt collection from patients. The Minnesota Attorney General filed a lawsuit against Accretive alleging violations of state and federal health privacy laws and state debt collection laws. Alleged HIPAA violations included the following: failing to prevent, detect, contain and correct the theft of Accretive laptops that contained protected health information (PHI), failing to encrypt PHI on laptops, allowing employees to take laptops with PHI out of hospital facilities, failing to limit access to PHI to only those individuals who needed access to such information, failing to prevent employees from downloading PHI onto laptop computers and/or storage media without adequate safeguards and procedures, and failing to implement a business associate agreement as required by HIPAA.
The lawsuit was also amended to allege that Accretive was responsible for aggressive collection practices in hospital emergency rooms by its employees and others acting under its management and supervision. The lawsuit is believed to be the one of the first filed by a state attorney general under powers given to states by the HITECH Act.
Under the settlement agreement, Accretive will pay about $2.5 million to the State of Minnesota. The money will be part of a restitution fund used to compensate patients with any funds remaining remitted to the state treasury. The agreement also requires Accretive to return to its client hospitals all data in its possession about Minnesota patients and an independent auditor must confirm that it has done so.
For more information: