Allscripts Health Solutions is facing a $145 million settlement with the U.S. Department of Justice due to a breach that exposed patient records and an anti-Kickback Statute violation related to Practice Fusion. Practice Fusion was acquired by Allscripts, a multi-national electronic heath record (EHR) provider, back in 2018.
“The main focus has been on actions that occurred prior to our ownership and, thus, we were highly motivated to reach an accord with the DOJ as soon as possible so that we could put this chapter behind us,” said Allscripts President Rick Poulton. “These investigations have many similarities to investigations that have either been settled or remain active with many of our industry competitors. While the amount we have agreed to pay of $145 million is not insignificant, it is in line with other settlements in the industry, and we are happy to have reached an agreement in principle.”
This settlement will resolve both companies of all criminal and civil liability related to the investigation surrounding them both.
Part of HIPAA compliance includes yearly Security Risk Assessments. Not only does the assessment cover due diligence, they also help identify security gaps and opportunities for retraining. Even one human error can cost your company millions. Cyber Insurance increases your breach survival rate, but a detailed security awareness training program and risk assessments help prevent the situation from start.