Affinity Health Plan will pay more than $1.2 million for HIPAA violations, according to the Health and Human Services Office of Civil Rights. A photocopier it previously leased was sold to television network CBS--the CBS Evening News discovered that the copier had protected health information on its hard drive. Affinity estimated that the breach affected 344,579 individuals.
"OCR's investigation indicated that Affinity impermissibly disclosed the protected health information of these affected individuals when it returned multiple photocopiers to leasing agents without erasing the data contained on the copier hard drives," according to the OCR announcement. "In addition, the investigation revealed that Affinity failed to incorporate the electronic protected information stored on photocopier hard drives in its analysis of risks and vulnerabilities as required by the Security Rule, and failed to implement policies and procedures when returning the photocopiers to its leasing agents." Article