Press release

Medical Informatics Engineering Announces Regulatory Settlements With OCR, State AGs

Sponsored by Businesswire

Health information technology company Medical Informatics Engineering
announced today that it has settled its investigations with the U.S.
Department of Health and Human Services Office for Civil Rights (OCR)
and a multi-state group of Attorneys General relating to a 2015 cyber
attack that affected seven of the company’s physician practice clients
and its NoMoreClipboard electronic patient engagement subsidiary.

The settlement with the OCR includes a resolution amount of $100,000,
and the AG resolution amount is $900,000. Medical Informatics
Engineering is also actively engaged with Plaintiffs’ counsel to
negotiate final terms of a settlement in a related class action filing.

“The OCR and the state AGs are involved in the enforcement of HIPAA
privacy rules,” explained Medical Informatics Engineering founder
Douglas Horner. “We have cooperated fully with their investigations and
we are pleased to work with them to resolve these matters.”

According to Horner, “Medical Informatics Engineering monitoring systems
detected the attack on May 26, 2015 and we immediately reported it. We
partnered with a team of third-party experts and the FBI to rapidly
remediate attack vectors used by the intruders. We have since made
significant investments in additional safeguards and security measures
to enhance our security posture including security personnel, policies,
procedures, controls, and monitoring/prevention tools. We retained
additional third-party vendors and applications to assist us with both
the protection of health information and auditing/certification of our
information security program.”

“Our organization has been open and transparent about this attack since
we discovered it, and we notified law enforcement authorities within
hours to share information on the perpetrators of this security
incident,” added Horner. “We provided notice to those affected following
the attack, and also paid for two years of credit monitoring protection.
Working with the OCR, the multi-state AG group, and the plaintiffs
underscores our commitment to working with regulators to help safeguard
sensitive patient information.”

About Medical Informatics Engineering

Medical Informatics Engineering was formed in 1995 to make an impact on
healthcare, deliberately harnessing the power of health information to
improve the practice of medicine. Today, the company serves as the
innovation engine for business units that serve hospitals and health
systems, physician practices, Fortune 500 employers and government
agencies. The Medical Informatics Engineering web-based health
information technology platform is helping physicians, nurses,
administrators, and patients make a meaningful difference in healthcare
delivery across the globe.