URMC reaches $15k HIPAA settlement with New York Attorney General: 5 key points

In the spring of this year, a University of Rochester (N.Y.) Medical Center nurse practitioner gave a list of 3,403 patient names, addresses and diagnoses to a future employer without obtaining permission from the patients first. Now, URMC has reached a HIPAA settlement with New York State Attorney General Eric Schneiderman, according to a news release from the Attorney General’s office.

Advertisement
By: Staff

Here are five things to know about the data breach and HIPAA settlement.

1. On April 21, the nurse practitioner’s future employer, Greater Rochester Neurology, mailed letters to the patients on the list informing them of the nurse practitioner’s job change and offered advice on how to change providers.

2. URMC learned of the data breach three days later, when upset patients reached out about the letters. The nurse practitioner was terminated.

3. All affected patients were sent notification letters. GRN has since returned or deleted all patient information from URMC.  

4. The settlement requires URMC to pay a $15,000 penalty and to educate its employees on policies and procedures related to protected health information.

5. “This settlement strengthens protections for patients at URMC, and it puts other healthcare entities on notice that my office will enforce HIPAA data breach provisions,” said Attorney General Schneiderman.

Click here to read the full settlement.

More articles on health IT:
CHIME names 3 new AEHIX board members
10 startups to know for 2016
Data company NantHealth postpones IPO

Behavioral health's breaking point: New survey reveals what leaders are prioritizing next

Recommended Live Webinar on Jan 28, 2026 12:00 PM - 1:00 PM CST

Advertisement

Next Up in Health IT

Advertisement

Comments are closed.