Inmediata Health Group has settled a class-action lawsuit that alleges the healthcare clearinghouse didn't secure protected health information (PHI) as required to maintain HIPAA compliance. This led to nearly 1.5 million people having sensitive data exposed. The Puerto Rico-based organization has agreed to pay nearly $1.13 million as a settlement.
What happened?
In January 2019, Inmediata noticed that a misconfigured web setting allowed internal web pages to appear on search engines. The patient data exposed included medical claim information, Social Security numbers, and other identifiable information.
Inmediata responded by shutting down its website. The company also hired a digital forensics team to determine that no exfiltration of data had occurred.
Read more: Safeguard PHI from search engine results - here's how
On top of the data breach, Inmediata made several errors notifying patients of the possible exposure of their personal information. HIPAA requires organizations to notify patients of a data breach within 60 days of discovery.
However, Inmediata didn't send notifications to patients until mid-April. The business associate also had issues with mailing notifications to affected patients. Some of them reported that they received multiple letters or letters addressed to other people. Other patients expressed an unawareness that Inmediata even had their personal information.
Read more: What to do after you violate HIPAA
The HIPAA violations led patients to file a class-action lawsuit in August 2019 regarding the failure to protect PHI and mishandling proper notification procedures. While Inmediata has agreed to pay a $1.13 million settlement, the company denies any wrongdoing.
Protect your digital communications
The cost of not protecting PHI is expensive. Proactively investing in a robust cybersecurity network will pay off in the long run by preventing lawsuits and HIPAA fines, and avoiding corrective action plans.
Every aspect of your digital communications should be secure, and that includes sending HIPAA compliant email. That’s where Paubox Email Suite comes in.
Healthcare professionals find it easy to use since it seamlessly integrates with popular email providers like Google Workspace or Microsoft 365. It uses blanket TLS email encryption to send emails directly to your patients’ inbox.
Paubox is an easy and secure way to send patient data in emails while staying HIPAA compliant.
Try Paubox Email Suite for FREE today.
