HIPAA Security Breach

HIPAA Security breaches often involve computers, emails, and servers. However, a recent breach involved photocopiers, resulting in a $1.2 million resolution agreement. Affinity Health Plan’s violation was discovered by the HHS Office for Civil Rights (OCR).

The health plan failed to make sure the data was erased from the photocopier’s hard drives before switching the leased copiers. As a result, over 340,000 participants’ protected health information was disclosed.

Most photocopiers built within the last decade contain hard drives that allow the copier to scan, fax, and store various documents. The hard drives also store the images of the documents scanned; however, most people don’t consider photocopiers to have long-term memories.

During its risk analysis, the Affinity Health Plan failed to consider this potential security threat. Meanwhile, the HIPAA Security Rule requires healthcare providers to account for this possibility during risk analysis.

In addition, the health plan failed to carry out an EPHI disposal policy. The OCR’s resolution agreement doesn’t include evidence that the PHI was disclosed past the leasing agent for the copiers. In fact, the health plan would most likely be able to retrieve the data within five days.

This settlement should provide an important reminder for healthcare organizations: most photocopiers store electronic information. It’s important to add safeguards to wipe all copiers clean before they leave the premises.

Often, photocopiers are re-leased or sold with the previous users’ data on the hard drive, leaving significant potential for disclosure of protected information. Healthcare providers will be held liable if protected health information is disclosed.

To avoid liability, healthcare providers must implement programs to deal with retiring copiers when they reach the end of their useful life or lease. The first step should involve discussing the potential risk with your IT provider. Make sure your IT department is involved in selecting, installing, and retiring copiers. When the time comes, an IT professional should make sure the hard drive is wiped of all data.
