How To Avoid A HIPAA Breach from Your Photocopier

If your practice leases photocopy machines, you need to be aware that a copier hard drive may contain your patients’ protected health information (“PHI”). It is imperative that practices recognize that a photocopier stores electronic PHI, and that they do not unwittingly upgrade a photocopier without first clearing its hard drive of all protected health information.

Affinity Health Plan, Inc. had to learn this lesson the hard way, and it is a lesson that many other practices should heed. The U.S. Department of Health & Human Services, Office for Civil Rights’ “investigation indicated that Affinity impermissibly disclosed the protected health information of up to 344,579 individuals when it returned multiple photocopiers to a leasing agent without erasing the data contained on the copier hard drives.  In addition, the investigation revealed that Affinity failed to incorporate the electronic protected health information stored in copier’s hard drives in its analysis of risks and vulnerabilities as required by the Security Rule, and failed to implement policies and procedures when returning the hard drives to its leasing agents.” The full synopsis, Resolution Agreement, and press release can be read here.

Affinity Health Plan, Inc. learned the hard way.  Not only did it harm its reputation, but it also had to pay HHS $1,215,780.00 for its data breach.  Healthcare providers must be extremely cautious with regard to ePHI and must be steadfast in safeguarding PHI.  Otherwise, you may face disastrous penalties.
