Long Term Care & Senior Living Blog

Advocate Health Care Network, the largest fully-integrated health care system in Illinois, agreed to the largest HIPAA Settlement to be paid by a single entity for potential penalties in the amount of $5.55M. The alleged long term non-compliance resulting in this settlement included four failures to comply with HIPAA including: failure to adequately conduct risk assessments, failure to limit physical access to ePHI, failure to obtain Business Associate Agreements, andfailure to safeguard an unencrypted laptop from an unlocked car overnight.

Adult & Pediatric Dermatology, P.C., of Concord, Mass., (APDerm) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules with the Department of Health and Human Services, agreeing to a $150,000 payment. APDerm will also be required to implement a corrective action plan to correct deficiencies in its HIPAA compliance program. APDerm is a private practice that delivers dermatology services in four locations in Massachusetts and two in New Hampshire. This case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).