The Federal Trade Commission Tuesday announced a settlement with revenue cycle management and healthcare business services firm Accretive Health over patient information security concerns. But the FTC also issued a closing letter noting that it would not be pursuing enforcement actions related to debt collection, an issue that grabbed a lot of attention in 2012.

Under the settlement, Accretive (NYSE: AH) must establish a comprehensive information security program designed to protect consumers’ sensitive personal information. In addition, the company must have the program evaluated both initially and every two years by a certified third party. The settlement will be in force for the next 20 years.

The action stems from a July 2011 incident in which an Accretive employee’s laptop computer, containing 20 million pieces of information on 23,000 patients, was stolen from the passenger compartment of the employee’s car in Minnesota.  The attorney general in that state, Lori Swanson, also launched an enforcement action.

That was hardly the last Accretive heard from Swanson. Several months after her patient information suit, Swanson issued a report on Accretive’s first party debt collection practices. Touting some of the company’s practices as “bedside collections,” Swanson followed up with a lawsuit that was quickly settled for $2.5 million.

Certain elements of the accusations drew widespread attention. U.S. Senator Al Franken (D-Minn.) held a hearing on the matter with Swanson, to which Accretive issued a lengthy rebuttal. The story started popping up everywhere, including on popular late-night cable program “The Colbert Report.”

While the accusations were salacious, there was never a definitive answer as to whether Accretive’s debt collection practices were unlawful. In the settlement with Swanson, the company admitted no wrongdoing and its CEO vigorously defended the practices noting that many of Swanson’s claims were baseless or exaggerated.

At the end of 2012, nearly a year after the whole mess started, another state regulatory body weighed in. Vermont’s Department of Financial Regulation announced that it had concluded an investigation into Accretive and said it could not find any evidence that the firm violated state laws.

And that’s exactly what the FTC did Tuesday. The agency said that it would not recommend an enforcement action related to allegations concerning Accretive’s debt collection practices in hospitals. The closing letter notes that the FTC is declining to recommend a Fair Debt Collection Practices Act (FDCPA) case against Accretive, the practice of attempting to collect payment for prior debts from consumers while they are seeking treatment in an emergency room or other medical facility raises serious concerns.

The FTC said it is reserving the right to launch an action in the future, but for now, it could not find evidence that the company’s debt collection practices were unlawful.

Next Article: Starting the New Year off on the ...