Tennessee To Receive Over $71K In Settlement With Company That Exposed Protected Health Information
Image Credit: Defense Visual Information Distribution Service / PICRYL / Public Domain
Press Release –
Nashville – Attorney General Jonathan Skrmetti announced that Tennessee and 32 other attorneys general have reached a settlement with healthcare clearinghouse Inmediata for a coding issue that exposed the protected health information (“PHI”) of approximately 1.5 million consumers for almost three years.
Under the settlement, Inmediata has agreed to overhaul its data security and breach notification practices and make a $1.4 million payment to states. Tennessee will receive $71,273 from the settlement.
As a healthcare clearinghouse, Inmediata facilitates transactions between healthcare providers and insurers across the United States.
On January 15, 2019, Inmediata learned that PHI was available online and had been indexed by search engines. As a result, sensitive patient information could be viewed through online searches and potentially downloaded by anyone with access to an internet search engine.
Yet, Inmediata delayed notification to impacted consumers for over three months.
Further, the notices were frequently misaddressed and were far from clear. Many consumers complained that without sufficient details or context, they had no idea why Inmediata had their data, which may have caused recipients to dismiss the notices as illegitimate.
The settlement resolves allegations that Inmediata violated state consumer protection laws, breach notification laws, and HIPAA by failing to implement reasonable data security and failing to provide affected consumers with timely and complete information regarding the breach, as required by law.
Under the settlement, Inmediata has agreed to strengthen its data security and breach notification practices in the future, including the implementation of a comprehensive information security program with specific security requirements, development of an incident response plan, and annual third-party security assessments for five years.
Indiana led the multistate investigation, assisted by the Executive Committee consisting of Connecticut, Michigan, and Tennessee, and joined by Alabama, Arizona, Arkansas, Colorado, Delaware, Georgia, Iowa, Kansas, Kentucky, Louisiana, Maryland, Massachusetts, Minnesota, Mississippi, Montana, Nebraska, New Hampshire, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, Puerto Rico, Rhode Island, South Carolina, Utah, Washington, West Virginia, and Wisconsin.
I don’t see anything in the paltry money TN gets that pays the consumers who were screwed over by the company.
Do the people that are affected by this breach get any of this money ?
NO $ for the people who have their info exposed!!!! ZERO…NADA…. TN had another issue just like this discovered in May this year. The Tennessee Consolidated Retirement System hired a 3rd party file transfer company to move files around for the retired employees of this state. Of course, the 3rd party company exposed retirement files to the dark web. SSN numbers, payments/checking acct numbers, email addresses, driver license numbers, beneficiary info….yada yada. U name it they let it get out there. TCRS sent all of us a letter over a month after the breach was discovered to check our credit report. So what…the info is already out there and the bad guys have had plenty of time to destroy peoples lives. Recently we received a pre paid offer to use a credit monitoring service. Again so what! Guess thats supposed to make it all better. I have already had someone in Nashville get into my actual checking account and attempt to transfer $ from it. Fortunately I have all my accounts locked. Thats the only thing that saved me from losing $5000 at 3 am in the morning. Thanks TCRS!!! How many people did this happen to that do not have their accounts locked??? It’s requires multiple weeks / months and a lot of stress to clean up this kind of mess. My big issue: The state has their own IT dept to do file transfers. Why do they need to waste taxpayer $ on a 3rd party?? If they would have performed this file transfer process in house no one would have their life exposed to some “Soy Boy / Antifa” follower in his mommies basement. In the case presented in this article the company Inmediata has responsibilities to protect data. The insurance companies using this company failed to perform the proper research before they contracted with this 3rd party? I blame the state Contracting Officers and IT Depts for all the states involved! Just as I do for the TN Consolidated Retirement System!! Is AG Skrmetti doing anything about the TCRS breach, or is just being overlooked / hidden from the public cuz’ it was a TN state office?? Inquiring minds want to know….