FORT WAYNE, Ind.--(BUSINESS WIRE)--Health information technology company Medical Informatics Engineering announced today that it has settled its investigations with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and a multi-state group of Attorneys General relating to a 2015 cyber attack that affected seven of the company’s physician practice clients and its NoMoreClipboard electronic patient engagement subsidiary.
The settlement with the OCR includes a resolution amount of $100,000, and the AG resolution amount is $900,000. Medical Informatics Engineering is also actively engaged with Plaintiffs’ counsel to negotiate final terms of a settlement in a related class action filing.
“The OCR and the state AGs are involved in the enforcement of HIPAA privacy rules,” explained Medical Informatics Engineering founder Douglas Horner. “We have cooperated fully with their investigations and we are pleased to work with them to resolve these matters.”
According to Horner, “Medical Informatics Engineering monitoring systems detected the attack on May 26, 2015 and we immediately reported it. We partnered with a team of third-party experts and the FBI to rapidly remediate attack vectors used by the intruders. We have since made significant investments in additional safeguards and security measures to enhance our security posture including security personnel, policies, procedures, controls, and monitoring/prevention tools. We retained additional third-party vendors and applications to assist us with both the protection of health information and auditing/certification of our information security program.”
“Our organization has been open and transparent about this attack since we discovered it, and we notified law enforcement authorities within hours to share information on the perpetrators of this security incident,” added Horner. “We provided notice to those affected following the attack, and also paid for two years of credit monitoring protection. Working with the OCR, the multi-state AG group, and the plaintiffs underscores our commitment to working with regulators to help safeguard sensitive patient information.”
About Medical Informatics Engineering
Medical Informatics Engineering was formed in 1995 to make an impact on healthcare, deliberately harnessing the power of health information to improve the practice of medicine. Today, the company serves as the innovation engine for business units that serve hospitals and health systems, physician practices, Fortune 500 employers and government agencies. The Medical Informatics Engineering web-based health information technology platform is helping physicians, nurses, administrators, and patients make a meaningful difference in healthcare delivery across the globe.