The Department of Health and Human Services’ Office for Civil Rights this week announced the first Health Insurance Portability and Accountability Act settlement based on the untimely reporting of a breach of unsecured protected health information. Chicago-based Presence Health agreed to settle potential violations by paying $475,000 and carrying out a corrective action plan. “Because patient privacy is a top priority at Presence Health, we are working diligently with the OCR on all steps required under the corrective action plan; including additional associate training in HIPAA policies and procedures,” a spokesperson for the health system said. “This is the culmination of a several year process working with the OCR to resolve a matter we voluntarily reported to the OCR in 2014 related to an isolated incident involving paper records at a surgery center located in Joliet, IL. This incident did not involve any electronic records and did not involve any disclosure of patient contact or financial information. We are confident that reports on our progress to quickly implement revised policies and procedures will be positive.” According to OCR, covered entities must have a clear policy and procedures in place to respond to the breach notification rule’s timeliness requirements. For more on the breach notification rule, see the OCR guidance