Insight Global Settles Class Action Data Breach Lawsuit

Insight Global LLC has agreed to settle a class action lawsuit that was filed in response to an April 2021 data breach that exposed the contact tracing data of more than 76,000 Pennsylvania residents.

Insight Global was appointed the administrator of Pennsylvania’s contact tracing program during the pandemic. Performing the contracted duties required Insight Global to collect a range of sensitive information including names, telephone numbers, email addresses, sexual orientation, family size, health data, indications of exposure to COVID-19, and whether individuals required any support services.

Several Insight Global employees created Google accounts to share information, including documents and spreadsheets containing contact tracing data. When the unauthorized accounts were discovered, Insight Global instructed its employees to stop using the accounts and ensure information was secured. The issue with using unauthorized Google accounts was that sensitive data was sent to servers that were outside the control of Insight Global and could potentially be accessed by unauthorized individuals. According to Insight Global’s data breach notice, the information was sent to personal Google accounts and via non-secure channels between September 2020 and April 2021. Insight Global said it discovered the security issue on April 21, 2021.

A lawsuit was filed on behalf of one of the individuals whose data had been exposed, Lisa Chapman, and similarly situated individuals who had their sensitive personal and health information exposed and potentially obtained by unauthorized individuals. The lawsuit named Insight Global and the Pennsylvania Department of Health, although the Department of Health was later dropped from the lawsuit.

The lawsuit claimed Insight Global failed to implement adequate and reasonable security measures to ensure consumers’ protected health information was secured. The lawsuit also alleged Insight Global was aware that its employees were using unsecured data communication and storage methods since at least November 2020, but failed to take action to address the problem until April 2021. The lawsuit also alleged Insight Global failed to issue timely notifications about the data breach and that when notifications were sent, the information included was inadequate. For instance, the notifications did not inform individuals that their information had been accessed by an unauthorized individual.

The lawsuit alleged the plaintiff and class members face an increased risk of identity theft and fraud due to the exposure of their personal and health information and that they have incurred, and will need to continue to incur, out-of-pocket expenses to protect themselves against identity theft and fraud.

Insight Global chose to settle the lawsuit with no admission of wrongdoing. Under the terms of the settlement, class members will be entitled to receive up to $250 as compensation for out-of-pocket expenses incurred due to the data breach, which includes lost time at $20 per hour. Two years of credit monitoring services will be provided. Claims for documented extraordinary losses will also be accepted up to a maximum of $5,000.

The post Insight Global Settles Class Action Data Breach Lawsuit appeared first on HIPAA Journal.

Estipona Group Awarded Compliancy Group’s Seal of HIPAA Compliance

The Nevada-based creative marketing agency, Estipona Group, has achieved compliance with the federally mandated standards of the Health Insurance Portability and Accountability Act (HIPAA) and has demonstrated its commitment to protecting the privacy and security of its clients’ patient health information.

Estipona Group works extensively in healthcare and the company’s marketing work often has a direct impact on people’s lives and health. The agency currently represents Immunize Nevada, a statewide agency working to protect individuals from diseases and illnesses prevented by vaccines, and Nevada Health Centers, a federally qualified health center that provides access to quality healthcare services throughout Nevada. As a HIPAA-compliant agency, Estipona Group works closely with public health partners to ensure all communications are sound, ethical, and lawful.

Estipona Group partnered with Compliancy Group to ensure the agency was fully compliant with all provisions and implementation specifications of HIPAA and the HITECH Act and used Compliancy Group’s proven HIPAA methodology, which includes a 6-stage risk analysis and remediation process. After completing that process and having the company’s compliance plan assessed, Compliancy Group awarded the HIPAA Seal of Compliance to the marketing agency.

“HIPAA is the highest standard of client data protection,” said Estipona Group president and CEO, Edward Estipona. “We understand the importance of protecting our clients’ sensitive information, and earning this seal ensures we have the systems and structures in place to ensure the safety of their patient data.”

The HIPAA Seal of Compliance confirms the agency has implemented comprehensive policies and procedures to ensure the confidentiality and integrity of client and patient data and is committed to ensuring its healthcare clients’ data are safe and secure. In completing this rigorous compliance process, Estipona Group can now provide enhanced services as knowledgeable HIPAA-compliant marketers.

The HIPAA Seal of Compliance demonstrates Estipona Group has implemented and is committed to maintaining:

  • Administrative, technical, and physical safeguards of the HIPAA Security Rule.
  • Remediation plans designed to properly adjust any gaps discovered in audits of the agency.
  • Inclusion of policies and procedures that will address HIPAA regulatory compliance.
  • A training program for all employees that demonstrates policy and procedural understanding and compliance.
  • An audit of the agency’s documentation.
  • The completion and management of a Business Associate Agreement.
  • A comprehensive procedure for incident management in the event of a data breach or potential violation of HIPAA compliance.

“Achieving HIPAA compliance was complicated but well worth the agency’s investment of time and infrastructure adjustments,” explains Estipona. “Protecting personal data is one of the great challenges of the digital age and we are pleased that now our clients will have the highest assurance that we will be good stewards of their patients’ sensitive health information in their marketing communications.”

The post Estipona Group Awarded Compliancy Group’s Seal of HIPAA Compliance appeared first on HIPAA Journal.