Attorney General Files First Multi-State HIPAA-Related Data Breach Lawsuit


Attorney General Peterson announced that he, along with attorneys general from ten other states and commonwealths, has filed a Complaint in the U.S. District Court for the Northern District of Indiana against Medical Informatics Engineering, Inc. and NoMoreClipboard, LLC, (collectively “MIE”) a web-based electronic health record company headquartered in Fort Wayne, Indiana.  The Complaint alleges the company violated provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) as well as state claims including Unfair and Deceptive Practice laws, Notice of Data Breach statutes, and state Personal Information Protection Acts.  Today’s filing marks the first time state attorneys general have joined together to pursue a HIPAA-related data breach case in federal court.

Between May 7, 2015, and May 26, 2015, hackers infiltrated WebChart, a web application run by MIE.  The hackers stole the electronic Protected Health Information (“ePHI”) of more than 3.9 million individuals, including individual names, telephone numbers, mailing addresses, usernames, hashed passwords, security questions and answers, spousal information (name and potentially dates of birth), email addresses, dates of birth, Social Security numbers, lab results, health insurance policy information, diagnoses, disability codes, doctors’ names, medical conditions, and children’s names and birth statistics.    

Attorney General Peterson stated, “State attorneys general play a critical role in safeguarding the privacy and personal information of consumers. I take this obligation seriously and today’s action serves as a reminder that the business community must take their obligations to protect consumers’ personal information seriously as well.”