Leased Copiers Cost Plan $1.2 Million
Jamie Scott

One challenge to keeping health information private as required under HIPAA is in knowing all of the places where it is stored in paper form or electronically. HHS just announced a resolution agreement with Affinity Health Plan (a not-for-profit managed care plan serving the New York metropolitan area) after it was discovered that Affinity did not scrub the internal hard drives of its leased photocopiers when they were returned to the leasing agent. The copier hard drives contained the confidential medical information of over 300,000 individuals and Affinity reported the breach to HHS as required under HIPAA.

The resolution agreement with HHS requires Affinity to pay a penalty of $1,215,780 and implement a corrective action plan under which Affinity will conduct a comprehensive risk analysis to determine what security risks and vulnerabilities are associated with all of its electronic equipment or systems.

Search this Blog

Media Contact


Recent Posts

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.