[authors: Danna Carmi, M. Leeann Habte, Peter F. McLaughlin, Leigh C. Riley, R. Michael Scarano Jr.]
On July 30, 2012, Minnesota Attorney General Lori Swanson announced a settlement agreement with Accretive Health (Accretive) resolving a lawsuit filed against Accretive in January 2012. The settlement requires Accretive to stop doing business in Minnesota for two years and to pay approximately $2.5 million to the State of Minnesota, a portion of which will be used to compensate patients.

The lawsuit alleged that Accretive violated several provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as modified by the Health Information Technology for Economic and Clinical Health (HITECH), as well as other state and federal laws. The case is significant because it represents the first enforcement action against a business associate under the new provisions of HITECH that makes business associates directly liable (rather than only contractually liable) for violations of HIPAA and, in particular, for breaches of Protected Health Information (PHI). (Although the attorney general alleged in the alternative that Accretive was a covered entity, it relied primarily on its status as a business associate.) The case also illustrates aggressive use of the enforcement authority granted by HITECH to state attorneys general.