Federal officials have recognized the efforts of Attorney General Todd Rokita's team in a settlement with a healthcare clearinghouse, presenting it as a national model. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced its own settlement on December 10 with Inmediata Health Group LLC, a Puerto Rico-based company, following a data breach. This federal settlement came after an Indiana-led multistate agreement with the same firm over a year ago.
Attorney General Rokita expressed pride in his team's work, stating, "The outstanding attorneys in our Consumer Protection Division are vigilant in safeguarding Hoosiers from corporate misconduct and protecting patient privacy." He added that he was not surprised their work is seen as exemplary.
Both the state and federal settlements addressed allegations that Inmediata violated laws including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by allowing consumer health information to be exposed online due to a data breach. Federal officials noted that Inmediata paid OCR $250,000 under their settlement terms and emphasized that no corrective action plan was necessary since the previous multistate agreement already included measures addressing OCR's findings.
Inmediata's investigation found that approximately 1.5 million individuals' electronic protected health information might have been exposed due to a coding issue. As part of the Indiana-led settlement, Inmediata committed to revising its data security and breach notification protocols and made a payment of $1.4 million to the involved states, which included over $131,000 allocated to Indiana.
###