Madison, IN Thunder storm 72°
Listen Live

Search 95.3 WIKI

Attorney General Todd Rokita protects 1.5 million patients from Inmediata’s data breach

Wednesday, October 18, 2023 at 11:43 AM

By Josh Myers @Wikicountry

Leading a 33 state settlement

                                        

Attorney General Todd Rokita continues his leadership in the fight to hold HIPAA covered entities accountable for patient privacy in the most recent multistate settlement with Puerto Rico-based health care clearinghouse Inmediata for a coding issue that exposed the protected health information (“PHI”) of approximately 1.5 million consumers for almost three years.  

 

“Our office will never back down from protecting patient privacy,” Attorney General Rokita said. “All patients deserve privacy and should feel protected by their health care providers.” 

 

Attorney General Rokita led a coalition of 33 attorneys general to investigate the incident and negotiate a settlement with the company. 

 

Under the settlement, Inmediata has agreed to overhaul its data security and breach notification practices and make a $1.4 million payment to states. Indiana will receive over $131,000 from the settlement. 

 

As a health care clearinghouse, Inmediata facilitates transactions between health care providers and insurers across the United States. On January 15, 2019, the U.S. Department of Health and Human Services’ Office of Civil Rights alerted Inmediata that PHI maintained by Inmediata was available online and had been indexed by search engines.  

 

As a result, sensitive patient information could be viewed through online searches, and potentially downloaded by anyone with access to an internet search engine.   

 

Inmediata was alerted to the breach on January 15, 2019, but they delayed notification to impacted consumers for over three months and sent misaddressed notices.  Further, the notices were far from clear—many consumers complained that without sufficient details or context. They had no idea why Inmediata had their data, which may have caused recipients to dismiss the notices as illegitimate. 

 

This settlement resolves allegations of the attorneys general that Inmediata violated state consumer protection laws, breach notification laws, and HIPAA by failing to implement reasonable data security. This includes failing to conduct a secure code review at any point prior to the breach, and then failing to provide affected consumers with timely and complete information regarding the breach, as required by law.   

 

Under the settlement, Inmediata has agreed to strengthen its data security and breach notification practices going forward. 

 

Indiana’s settlement is attached. 

Inmediata Consent Judgment (002).pdf

Share

More from Local News

Pledge of Allegiance and National Anthem on WIKI Pledge of Allegiance and National Anthem on WIKI
WIKI Country Gold Show Three hours of classic country gold every Saturday morning from 7a-10a
Facebook

Events

Local News

More Kentucky students graduating from college debt free

Students in Kentucky are completing an undergraduate credential debt free.

Kentucky Governor Announces $10.3 million in grants for waste and recycling projects

73 Projects across the state will benefit from the funding

Hardinsburg Man Arrested for Child Molestation and Related Crimes

Four day investigation led to his arrest

Local Sports

Local Area Sports Report for May 10-11 and 14, 2024

Any missing scores or to report a score email news@953wiki.com

Hanover Baseball wins program's first HCAC Tournament Title

The Panthers will await the NCAA selection show on Monday at noon for their Regional opponent.

ORVC Weekly Report Summary (April 29 – May 4) 2024

Congratulations to all the area athletes