Elizabeth Litten and Michael Kline were featured in the Medical Practice Compliance article "Review Your Digital Use Policy in Light of $1.2 Million Copier Breach." While the full text can be found in the September 16, 2013 issue of Medical Practice Compliance, a synopsis is noted below.
Affinity Health Plan was fined $1.2 million for a security breach involving the use of leased digital photocopiers. Affinity failed to destroy the information stored on the hard drives of the copiers, which included medical records, licenses and other information, before returning them. CBS bought one of the photocopiers and discovered the stored information, quickly turning it into a national news story.
The penalty for this case is so high because the government is trying to send the message that they are taking violations seriously, no matter how unintentional.
"HHS is making an example of Affinity. Everyone will pay attention to this," says Litten.
Kline says that the penalty is likely so high because it affected so many (344,579) patients.
This breach was the first to involve a photocopier. Because use of the machines cannot be avoided, Litten and Kline recommend the following steps to avoid issues:
- Make sure that your privacy and security policies and procedures to safeguard PHI include PHI located on copiers.
- Follow government recommendations when buying or leasing copiers.
- Make sure that the practice is otherwise compliant with HIPAA.
Originally published in Medical Practice Compliance.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.