The U.S. Department of Health and Human Services and Office for Civil Rights (OCR) has come up with a settlement with Advocate Health Care Network (Advocate) about the various violations of Health Insurance Portability and Accountability Act (HIPAA) regarding electronic protected health information (ePHI). The advocate accepted a proper corrective plan of action and also agreed to pay the penalty of $5.55 million. It is considered to be one of the most important notable settlements till date (since the Security Rules has been enforced) where there is the involvement a large number of people as well as the State Attorney General in the investigation of the matter which was hugely affected by Advocate, which is one of the biggest health systems in the country.
In 2013 the investigation began by OCR, the Advocate at that point of time submitted breach of notification report about three in numbers to show that their occurred different incidents and claimed for its subsidies by the Advocate Medical Group (“AMG”). About 4 million people got affected by the breaches happened in the ePHI which included various information about patients, insurances, demography, card numbers, expiry dates and birth dates. The investigation was done by OCR on these matters proved that Advocate failed to do certain things which are:-
- Could not assess the possible risks and vulnerabilities of all the ePHI;
- It was not able to limit the physical access of the electronic information systems where a large data gets stored;
- Never made any contract for the business associates that they must protect the information;
- Could not implement policy to protect a unencrypted laptop when left in an unlocked vehicle
Advocate Health Care Network is the largest fully-integrated health care system in Illinois, with more than 250 treatment locations, including ten acute-care hospitals and two integrated children’s hospitals. Its subsidiary, AMG, is a nonprofit physician-led medical group that provides primary care, medical imaging, outpatient and specialty services throughout the Chicago area and in Bloomington-Normal, Illinois.
Corrective Action Plan for Advocate