It's a lot less than other recent settlements but the University of Rochester Medical Center (URMC) is the latest provider to settle HIPAA enforcement action brought by New York State Attorney General Eric Schneiderman.

URMC will pay a $15,000 fine and enter into a corrective action plan.

“This settlement strengthens protections for patients at URMC and it puts other healthcare entities on notice that my office will enforce HIPAA data breach provisions,” Schneiderman said in a release.

This HIPAA civil action proceeded more quickly than most such actions, which can occur years after a breach. In March 2015, a nurse practitioner soon leaving URMC for a new position asked URMC for a list of the patients she had treated at the medical center and received a spreadsheet with 3,043 patient names along with their addresses and diagnoses, according to the settlement agreement. The nurse gave the spreadsheet to her soon-to-be new employer—Greater Rochester Neurology—without authorization from URMC.

Greater Rochester Neurology then mailed letters to the patients alerting them that the nurse practitioner would soon be joining the practice and inviting patients to be treated there. URMC learned of the breach when patients began calling the hospital to complain.

URMC will now provide Schneiderman’s office with recommendations made by a task force formed to assess policies on departing and incoming employees, identify revisions to HIPAA policies, retrain the workforce and provide timely notification of any future breaches.