BEGIN:VCALENDAR
VERSION:2.0
CALSCALE:GREGORIAN
PRODID:iCalendar-Ruby
BEGIN:VEVENT
CATEGORIES:Press Releases
DESCRIPTION:Attorney General Todd Rokita continues his leadership in the fi
 ght to hold HIPAA covered entities accountable for patient privacy in the m
 ost recent multistate settlement with Puerto Rico-based health care clearin
 ghouse Inmediata for a coding issue that exposed the protected health infor
 mation (“PHI”) of approximately 1.5 million consumers for almost three year
 s.  \n\n“Our office will never back down from protecting patient privacy\,”
  Attorney General Rokita said. “All patients deserve privacy and should fee
 l protected by their health care providers.” \n\nAttorney General Rokita le
 d a coalition of 33 attorneys general to investigate the incident and negot
 iate a settlement with the company. \n\nUnder the settlement\, Inmediata ha
 s agreed to overhaul its data security and breach notification practices an
 d make a $1.4 million payment to states. Indiana will receive over $131\,00
 0 from the settlement. \n\nAs a health care clearinghouse\, Inmediata facil
 itates transactions between health care providers and insurers across the U
 nited States. On January 15\, 2019\, the U.S. Department of Health and Huma
 n Services’ Office of Civil Rights alerted Inmediata that PHI maintained by
  Inmediata was available online and had been indexed by search engines.  \n
 \nAs a result\, sensitive patient information could be viewed through onlin
 e searches\, and potentially downloaded by anyone with access to an interne
 t search engine.   \n\nInmediata was alerted to the breach on January 15\, 
 2019\, but they delayed notification to impacted consumers for over three m
 onths and sent misaddressed notices.  Further\, the notices were far from c
 lear—many consumers complained that without sufficient details or context. 
 They had no idea why Inmediata had their data\, which may have caused recip
 ients to dismiss the notices as illegitimate. \n\nThis settlement resolves 
 allegations of the attorneys general that Inmediata violated state consumer
  protection laws\, breach notification laws\, and HIPAA by failing to imple
 ment reasonable data security. This includes failing to conduct a secure co
 de review at any point prior to the breach\, and then failing to provide af
 fected consumers with timely and complete information regarding the breach\
 , as required by law.   \n\nUnder the settlement\, Inmediata has agreed to 
 strengthen its data security and breach notification practices going forwar
 d. \n\nIndiana’s settlement is attached. \n\nInmediata Consent Judgment (00
 2).pdf
DTSTAMP:20260308T141908Z
DTSTART;VALUE=DATE:20231017
LOCATION:
SEQUENCE:0
SUMMARY:Attorney General Todd Rokita protects 1.5 million patients from Inm
 ediata’s data breach\, leads 33 states 
UID:tag:localist.com\,2008:EventInstance_44570098635151
URL:https://events.in.gov/event/attorney_general_todd_rokita_protects_15_mi
 llion_patients_from_inmediatas_data_breach_leads_33_states
END:VEVENT
END:VCALENDAR