The Associated Press reports on a settlement concerning the privacy of patients’ medical data in New York:
NEW YORK — A top New York hospital has paid $4.8 million in what federal health regulators announced Wednesday was the largest settlement for a privacy breach since strict standards took effect in 2003.
The agreement with New York-Presbyterian Hospital/Columbia University Medical Center resolved an inquiry that began in September 2010 after patient data wound up on the Internet, the U.S. Department of Health and Human Services said.
The department said Internet search engines were able to access the health records of about 6,800 hospital patients after a Columbia University Medical Center physician deactivated a server on the hospital’s internal data network. […]
A hospital spokesman, Doug Levy, said Wednesday there was no indication at the time of the breach or since that any information was accessed or used inappropriately.
He said the hospital has worked to strengthen patient privacy and is taking additional corrective action — including risk analysis, developing a risk management plan, revising policies and procedures and training staff — as required under the settlement agreement.