Review Your Digital Use Policy in Light of $1.2 Million Copier Breach

September 16, 2013 – In The News
Medical Practice Compliance Alert

Elizabeth Litten and Michael Kline were featured in the Medical Practice Compliance Alert article “Review Your Digital Use Policy in Light of $1.2 Million Copier Breach.” While the full text can be found in the September 16, 2013 issue of Medical Practice Compliance Alert, a synopsis is noted below.

Affinity Health Plan was fined $1.2 million for a security breach involving the use of leased digital photocopiers. Before returning the copiers, Affinity failed to destroy the information stored on their hard drives, which included medical records, licenses and other information. CBS bought one of the photocopiers and discovered the stored information, quickly turning it into a national news story.

The penalty in this case is so high because the government is trying to send the message that it is taking violations seriously, no matter how unintentional.

“HHS is making an example of Affinity. Everyone will pay attention to this,” says Litten.

Kline says that the penalty is likely so high because it affected so many (344,579) patients.

This breach was the first to involve a photocopier. Because use of the machines cannot be avoided, Litten and Kline recommend the following steps to avoid issues:

  • Make sure that your privacy and security policies and procedures to safeguard PHI include PHI located on copiers.
  • Follow government recommendations when buying or leasing copiers.
  • Make sure that the practice is otherwise compliant with HIPAA.