State Attorneys General Secure Settlement in First-Ever Multistate HIPAA Data Breach Lawsuit | Practical Law
An Indiana-based internet electronic health records company and several state attorneys general have reached a $900,000 settlement in litigation involving a data breach of the protected health information (PHI) of 3.9 million individuals. The company, a business associate (BA) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), recently entered into a resolution agreement with the Department of Health and Human Services (HHS) to settle potential HIPAA violations resulting from the same incident.