SEATTLE -- Seattle-based Providence healthcare company has agreed to pay $100,000 and improve its patient information security to settle potential violations of patient privacy from 2005 and 2006.

The "Resolution Agreement" is the first ever imposed on a company by the U.S. Department of Health and Human Services for possible violations of HIPAA, the Health Insurance Portability and Accountability Act of 1996.

The agreement stems from several cases in 2005 and 2006 where backup tapes, optical disks, and laptops, all containing unencrypted electronic protected health information, were removed from the Providence premises and were left unattended. The media and laptops were subsequently lost or stolen, compromising the protected health information of over 386,000 patients.

Under the Resolution Agreement, Providence Health & Services has agreed to revise its policy on transporting patient records outside of company buildings and improve training of its employees, as well as making security reports to federal officials for three years.

Providence's chief security officer says the company has reinforced its security since the incidents and will continue to work to improve its protection of patient information.

More: Read full Resolution Agreement (PDF)