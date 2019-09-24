U.S. Sen. Mark R. Warner wrote to the CEO of TridentUSA Health Services on Monday to ask about the company’s data security practices as they relate to Health Insurance Portability and Accountability Act (HIPAA) compliance.

The letter comes after a report found MobileXUSA, an affiliate of TridentUSA Health Services, left an unencrypted server online, exposing the medical data of millions of Americans.

The report claimed many unsecured picture archiving and communication servers (PACS) left the names, dates of birth, medical images, and medical procedures of more than one million Americans accessible to anyone with basic computer expertise.

“While HIPAA lays out some guidelines for secure data storage and transfer, it is not always clear who bears responsibility for securing the data and ensuring the use of proper controls. However, it is certainly the responsibility of companies like yours to control and secure sensitive medical data, maintain an audit trail of medical images, and to ensure the information is not publicly accessible," Warner wrote.

View Sen. Warner's letter below:

Senator Warner is the Vice Chairman of the Senate Intelligence Committee and co-founder of the Senate Cybersecurity Caucus.