First HIPAA Lawsuit by State Attorneys General Settled

Medical Informatics Engineering Inc. (MIE) has agreed to pay $900,000 to 16 states whose attorneys general had sued the company over a data breach in violation of the Health Insurance Portability and Accountability Act (HIPAA).

Simultaneously, MIE settled with the Department of Health and Human Services (HHS) for $100,000 and committed to a two-year corrective action plan in a related breach.

The company had earlier self-reported that hackers had accessed the electronic protected health information (ePHI) of about 3.5 million people whose records it maintained.

An investigation by the HHS Office for Civil Rights (OCR) then determined that MIE had not conducted a mandatory comprehensive risk analysis before the incident. This resulted in the fine and corrective action plan, but MIE was not required to admit guilt.

OCR Director Roger Severino said that the “failure to identify potential risks and vulnerabilities to ePHI opens the door to breaches and violates HIPAA.”


NOTE: The details in this blog are provided for informational purposes only. All answers are general in nature and do not constitute legal advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. The author specifically disclaims any and all liability arising directly or indirectly from the reliance on or use of this blog.