INDIANAPOLIS – By referring consumers to an Indiana-led multistate settlement, federal officials this month tacitly recognized the excellence of Attorney General Todd Rokita’s team.
In announcing its own settlement on Dec. 10 with a Puerto Rico-based healthcare clearinghouse following a data breach, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) pointed consumers to an Indiana-led 33-state settlement with the same company reached more than a year earlier.
“The outstanding attorneys in our Consumer Protection Division are vigilant in safeguarding Hoosiers from corporate misconduct and protecting patient privacy,” Attorney General Rokita said. “It comes as no surprise to me that others would regard our work product as a gold standard.”
Both the federal and state settlements resolve allegations that Inmediata Health Group LLC violated state and federal laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), by exposing consumers’ protected health information online in a data breach.
In a press release, federal officials stated, “Under the settlement terms, Inmediata paid OCR $250,000. OCR determined that a corrective action plan was unnecessary for this resolution as Inmediata had previously agreed to a settlement with 33 states that includes corrective actions that address OCR’s findings in this matter.”
Inmediata’s investigation revealed that a coding issue potentially exposed the electronic protected health information of approximately 1.5 million U.S. individuals.
Under the Indiana-led settlement, Inmediata agreed to overhaul its data security and breach notification practices and make a $1.4 million payment to states — including more than $131,000 to Indiana.
