Affinity Health Plan will settle potential HIPAA violations with $1.2 million after failing to erase leased photocopiers' hard drives of patients' protected health information.
Affinity filed the breach report with HHS' Office for Civil Rights after being informed by the next company to lease one of the photocopiers that patient data remained on the hard drive, as required under the HITECH Act. Up to 344,579 individuals may have been affected, according to the breach report and subsequent HHS investigation.
In addition to the payment of $1.2 million, the terms of the settlement also require Affinity to do its best to recover all the hard drives containing PHI and implement new information safeguarding measures.
More Articles on HIPAA:
15 Things to Know About the HIPAA Omnibus Final Rule Before Sept. 23
Study: Cyber Insurance on the Rise (And How It May Not Be Enough)
10 Ways to Ensure HIPAA Compliance on Social Media