Healthcare Co.’s Coding Error Allegedly PHI-cilitates PHI-shing for PHI

  • A bipartisan coalition of 33 AGs settled with health care clearinghouse Inmediata Health Group, LLC and an affiliated entity (collectively, Inmediata) to resolve allegations that Inmediata violated state consumer protection and data breach notification laws, as well as HIPAA, when its failure to implement reasonable data security measures led to the potential exposure of protected health information (PHI).
  • According to the settlement, a coding issue allegedly allowed two Inmediata webpages to be indexed by internet search engine bots for a period of almost three years, potentially exposing the PHI of approximately 1.5 million individuals.
  • Under the terms of the settlement, Inmediata must pay $1.4 million to the states and implement adequate information security safeguards, among other relief.