$1.2 Million Settlement Agreement Announced for HIPAA Charges Involving Leased Photocopiers


The Department of Health and Human Services announced on August 14, 2013, that it entered into a settlement agreement with Affinity Health Plan, Inc. (Affinity) resolving allegations that Affinity violated the Health Insurance Portability and Accountability Act (HIPAA).  In 2010, as required by the Health Information Technology for Economic and Clinical Health Act, Affinity reported a data breach involving protected health information (PHI) on leased photocopiers.  Affinity had failed to properly erase the hard drives of its leased photocopiers before returning them to the supplier, resulting in the disclosure of the PHI of 344,579 individuals. 

In addition to a $1.2 million payment to the federal government, the settlement agreement also required Affinity to enter into a corrective action plan to secure PHI by retrieving the photocopier hard drives it previously used, conduct a risk analysis, and revise its PHI containment policies and procedures as necessary.  The settlement agreement, available here, serves as a reminder that not only does HIPAA require confidential treatment of PHI, but also the ongoing analysis of security risks and implementation of policies to secure PHI.  To assist businesses in developing such policies, the Federal Trade Commission has issued a guide regarding the secure treatment of information stored on photocopier hard drives, available here.  

Reporter, Paige Fillingame, Houston, +1 713 615 7632, pfillingame@kslaw.com

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:


King & Spalding on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.