Several State attorneys general have grouped together to bring a lawsuit under health care privacy laws. The suit is against a medical records company that breached the privacy of patient records. Typically, the U.S. Department of Health and Human Services, not State attorneys, brings action to enforce violations of HIPAA.
The action is against a medical records company, Medical Informatics Engineering Inc., that encountered a data breach in 2015. Medical Informatics Engineering provides a web-based electronic health record program to health care providers. During the incident, personal information of more than 3.9 million patients were accessed without authorization. Hackers accessed name, address, phone number, date of birth, security question answers, email addresses, health information and Social Security numbers.
The lawsuit brings claims against HIPAA and violation of state laws.
