A high-profile HIPAA data breach at Affinity Health Plan, caused by PHI left on a discarded photocopier, has resulted in a $1.2 million fine by Health and Human Services. A discarded photocopier, you read that right. It didn’t help that the CBS Evening News bought the used photocopier and was able to retrieve PHI.
“OCR conducted an investigation and found that ‘Affinity impermissibly disclosed the protected health information of these affected individuals when it returned multiple photocopiers to leasing agents without erasing the data contained on the copier hard drives.’
In addition, OCR found that ‘Affinity failed to incorporate the electronic protected information stored on the photocopier hard drives in its analysis of risks and vulnerabilities as required’ under HIPAA.”
PHI on mobile and integrated devices is an overlooked problem when it comes to HIPAA privacy and security. Hopefully this will serve as an educational warning to other HIPAA-covered organizations.
You can read the whole article here: Affinity Health Plan To Pay HHS $1.2M Over Patient Data Breach