Okay, I have now read the actual press release from Quest. What really happened is this:
- Quest contracts with Optum360 (“Our solutions provide a modern healthcare revenue cycle”, whatever the fuck that means)
- Optum360 contracts with American Medical Collection Agency (AMCA) (“a billing collections service provider”)
- ACMA fucks up.
- ACMA notifies Optum360
- Optum360 notifies Quest
- Quest notifies securities regulators and issues a press release.
Fortunately/Unfortunately, I don’t think ACMA had any data that would render them liable under HIPAA, any more than, say, a credit card company would if you used a credit card to pay at the doctor’s office.