Affinity Health Plan was charged over $1.2 million for HIPAA violations after it failed to clear the memory on photocopy machines it returned to a leasing company.
CBS News purchased a photocopier that was previously leased by Affinity Health. The network learned that medical information was on the copier’s hard drive. After an investigation, it was determined that Affinity health did not wipe the hard drive of its photocopiers before they returned them. The Health Plan did not include photocopiers in its HIPAA risk analysis. It is estimated that over 300,000 patients had information copied on the machines.
This brings to the forefront the importance of considering equipment that retains electronic information. All personal information should be removed from hardware before it is recycled or repurposed.
