Health care clearinghouse Inmediata to pay $1.4M for data breach
Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
Inmediata, a Puerto Rico-based health care clearinghouse, will pay $1.4 million after a coding issue is believed to have revealed the protected health information of about 1.5 million consumers.
The privacy incident is believed to have occurred over almost three years, according to a press release from Indiana Attorney General Todd Rokita’s office.
Rokita was a part of a 33-state coalition that investigated and negotiated a settlement with Inmediata.
Of the company’s promised $1.4 million, Indiana is expected to receive more than $131,000.
Officials say that Inmediata was first alerted of that patients’ privacy had been indexed by online search engines on January 15, 2019, but that the company delayed acting upon this information. Officials further say Inmediata consumers complained the company did not provide sufficient details or context about the incident.
The attorneys general that investigated Inmediata say they believe the company violated state consumer protection laws, breach notification laws and HIPAA, a federal law that sets limits on the disclosure of personal health data.
Inmediata has since agreed to strengthen its data security and breach notification practices in the future, the state’s attorney general’s office said.