The public will have 30 days to comment on the agreement, and the FTC will decide whether to make the proposal final after that.
The FTC's inquiry stems from a 2011 incident in which a laptop was stolen from an Accretive employee's car. The laptop contained the data of 23,500 patients.
"The Commission alleges that Accretive created unnecessary risks by transporting laptops that contained sensitive personal information in a way that left them vulnerable to theft," the FTC said in a statement.
The agency also said Accretive did not do enough to make sure employees removed consumer health information from their computers after employees didn't need the information anymore, didn't adequately restrict employee access to personal information, and failed to remove consumer information from employees' computers after training sessions.
An investigation into the theft of the laptop revealed that the Chicago company had access to patient data through contracts with the hospitals, and it used that data used that data to assess patients' risk of becoming hospitalized.
Minnesota Attorney General Lori Swanson sued Accretive in 2012, accusing the company of using high-pressure tactics to get patients at Minnesota hospitals to pay before treatment was given. A report from Swanson's office also accused Accretive of misusing private patient information and creating an atmosphere in which employees were coached to aggressively collect debt.
Accretive agreed to pay $2.5 million in restitution for patients and return data to client hospitals. It also agreed to stop doing business in Minnesota for at least two years.
