On November 5, 2019, the University of Rochester Medical Center (URMC) reached a settlement under which the medical system agreed to pay $3 million to the U.S. Department of Health and Human Services (HHS) for alleged privacy and security violations of the Health Insurance Portability and Accountability Act (HIPAA).
The investigation involved breach reports filed in 2013 and 2017 regarding “the loss of an unencrypted flash drive and theft of an unencrypted laptop” that contained patient protected health information (PHI).
