Federal agency touts Attorney General Todd Rokita’s settlement with health care clearinghouse as national model
By referring consumers to an Indiana-led multistate settlement, federal officials this month tacitly recognized the excellence of Attorney General Todd Rokita’s team.
In announcing its own settlement Dec. 10 with a Puerto Rico-based health care clearinghouse following a data breach, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) pointed consumers to an Indiana-led 33-state settlement with the same company reached more than a year earlier.
“The outstanding attorneys in our Consumer Protection Division are vigilant in safeguarding Hoosiers from corporate misconduct and protecting patient privacy,” Attorney General Rokita said. “It comes as no surprise to me that others would regard our work product as a gold standard.”
Both the federal and state settlements resolve allegations that Inmediata Health Group LLC violated state and federal laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), by exposing consumers’ protected health information online in a data breach.
In a press release, federal officials stated, “Under the terms of the settlement, Inmediata paid OCR $250,000. OCR determined that a corrective action plan was not necessary in this resolution as Inmediata had previously agreed to a settlement with 33 states that includes corrective actions that address OCR’s findings in this matter.”
Inmediata’s own investigation revealed that a coding issue potentially exposed the electronic protected health information of approximately 1.5 million U.S. individuals.
Under the Indiana-led settlement, Inmediata agreed to overhaul its data security and breach notification practices and make a $1.4 million payment to states — including more than $131,000 to Indiana.