Regular readers of HealthBlawg will recognize the name Accretive Health from a February 2012 post, First lawsuit filed against a Business Associate under HIPAA / HITECH.

Well, the company has gone through a number of personnel changes at the top, plans to make some deep staffing cuts, and is working on restating its financials to account for earlier irregularities. The latest restated financials aren't ready to be filed — they haven't been fully audited yet — and as a result the company's stock is about to be delisted (but it may still be traded on the OTC market).

From Modern Healthcare's story:

Accretive's troubles began in 2012 when it came under fire in Minnesota for alleged patient privacy violations and aggressive bill collection practices. It settled that suit for $2.5 million in 2012 and also paid $14 million to resolve a shareholder lawsuit last October that accused Accretive's management team of making false statements about its business health.

And in January, the Federal Trade Commission settled with Accretive over the 2011 breach of 23,500 patient records on a laptop stolen from an employee's car. That settlement requires the company to create a comprehensive information security program that will be evaluated by a third party every two years.

(Another example of the FTC asserting jurisdiction over health data breaches — see posts on the recent LabMD case at HealthBlawg and iHealthBeat.)

If you had any doubt that HIPAA compliance deserves your attention, whether your organization is a covered entity, a business associate or a downstream contractor, perhaps the Accretive Health story will change your mind. 

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

photo credit: flickr cc mrbill78636