Accretive Health Settles Minn. LawsuitAgrees to Pay a $2.5 Million Fine
Accretive Health, a Chicago-based billing and collections company, has agreed to pay $2.5 million to settle a Minnesota lawsuit filed following a data breach. The state's lawsuit, which dealt with the firm's collection practices as well as the breach incident, alleged violations of federal and state health privacy laws as well as state debt collection and consumer protection laws.
As part of the settlement, the company also agreed to stop doing business in Minnesota for two years. It will destroy or return any health and financial information it collected on behalf of Minnesota clients within 60 days of shutting down its operations in the state.
Earlier, Accretive had filed a motion to dismiss the lawsuit.
Accretive noted in its July 30 settlement announcement that James Bolotin had resigned as vice president, corporate controller, the principal accounting position with the firm.
Minnesota Attorney General Lori Swanson had sued Accretive in January in the wake of the breach. In the July 2011 incident, an unencrypted laptop was stolen from the car of an Accretive employee. The laptop contained healthcare information on patients treated at two hospitals in the state, plus Social Security numbers for some of the patients. While Swanson said 23,500 patients were affected, the Department of Health and Human Services' official breach tally lists the total as 16,800.
The company, in its statement, contends that the settlement doesn't amount to "any admission of liability or wrongdoing."
Earlier, Accretive contended in a letter sent to Sen. Al Franken, D-Minn., that the laptop stolen from its employee was not encrypted "due to the oversight of an individual IT employee." That employee subsequently was fired, the company reported (see: Accretive Health Addresses Breach). Sen. Franken had launched an investigation following the Minnesota attorney general's filing of the lawsuit against the company.