A top New York hospital has paid $4.8 million in what federal health regulators announced Wednesday was the largest settlement for a privacy breach since strict standards took effect in 2003.
The agreement with New York-Presbyterian Hospital/Columbia University Medical Center resolved an inquiry that began in September 2010 after patient data wound up on the internet. The federal Department of Health and Human Services said search engines were able to access the health records of about 6,800 hospital patients after a physician deactivated a server on the hospital’s internal data network.
The hospital did not become aware of the breach until it received a complaint from someone who found a deceased patient’s data online. But a hospital spokesman said there was no indication at the time of the breach or since that information was accessed or used improperly.
The hospital was No. 1 in New York in the latest U.S. News and World Report rankings.