State Attorneys General Secure $10 Million Settlement in Multistate HIPAA Data Breach Lawsuit | Practical Law
A Washington-based health insurer and several state attorneys general have reached a $10 million settlement arising from a data breach involving more than ten million individuals' protected health information (PHI). The settlement requires the insurer, a covered entity and business associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), to take numerous steps to protect the PHI in its possession.