We posted just last week about the Blackbaud multistate settlement, and as we have discussed, health privacy remains a hot topic and is already back in the news. On October 17th, 33 AGs led by Indiana, announced a multistate settlement in the form of a judgment with a Puerto Rico-based health care clearinghouse, Inmediata, for what the AGs alleged was a failure to appropriately safeguard data and a delayed and flawed notification to consumers of a coding issue. As a result, the states said protected health information (PHI) of approximately 1.5 million consumers was exposed to public online searches for almost three years. The AGs alleged, among other things, violations of the Health Insurance Portability and Accountability Act’s (HIPAA) Security Rule and its Breach Notification Rule.