In 2010 CBS Evening News purchased a photocopier previously used by New York City area Affinity Health Plan and discovered patient-identifiable medical records on the device’s hard drive – which had never been erased. The photocopier was one of approximately seven Affinity sold or returned to leasing agents around the same time. Affinity estimates the breach involved over 300,000 records and will be paying in excess of $1.2 million in a settlement agreementwith the Department of Health and Human Services.
Via Modern Healthcare:
Healthcare organizations need to consider all kinds of digital devices, including photocopy machines, in examining their data security.
That’s the takeaway from HHS’ Office for Civil Rights announcement that Affinity, a managed-care plan serving the New York metropolitan area, will pay more than $1.2 million in a settlement agreement for a breach of personally identifiable health records under the privacy and security protections of the Health Insurance Portability and Accountability Act of 1996.