Patient data exposed
Inmediata Health Team, Corp., a provider of clearinghouse services, software, and business processing solutions to health plans, hospitals, IPAs, and independent physicians, recently announced a security incident affecting some consumer data.
The incident was discovered in January 2019, when Inmediata found that a misconfigured web page was allowing some electronic health information to be viewed publicly. The web page was allowing search engines to index Inmediata’s internal webpages, which were used for business operations and not intended for public view.
What was exposed?
The information involved in this incident consists of patients’ names, dates of birth, genders, and medical claims information, with some affected individuals potentially having their Social Security numbers exposed.
There is currently no information available on how many individuals were affected or how long the webpage was publicly accessible.
Inmediata’s next steps
Once Inmediata became aware of the incident, the misconfigured web page was deactivated, and a computer forensics company was engaged to assist with the investigation.
At this time, there is no evidence to suggest the exposed information was subject to unauthorized access or misuse; however, the possibility cannot be ruled out.
Inmediata began notifying affected individuals by postal mail on April 22, 2019. The notification letters included information about the incident and steps the individuals should take to monitor and secure their personal information.
Verify you’re working with HIPAA-compliant vendors
This breach serves as an important reminder that it’s not always the Covered Entity that causes a data breach.
It is critical to ensure you are working with vendors who are taking the appropriate measures to protect your patient data, and that you have a Business Associate Agreement in place with those vendors from the start of your contract with them.
Additionally, you should verify that your Business Associates (BAs) are ensuring their own HIPAA compliance on an annual basis. One way of doing this is by sending your BAs a compliance check. If you’re dealing with compliant vendors, they should be happy to respond to your request.
If you discover you’re working with a non-compliant vendor, it may be time to rethink your relationship with them. After all, a data breach caused by them has a direct effect on you.