Health Law Blog: HIPAA Update: Don't Forget Your Photocopiers


Affinity Health Plan has agreed to pay more than $1.2 million to settle potential violations of the HIPAA Privacy and Security Regulations. The alleged violations relate to a photocopier that Affinity had leased and later returned to the leasing company without erasing the data on the copier hard drives. CBS News then purchased the copier from the leasing company and informed Affinity that it contained confidential medical information, and Affinity filed a HIPAA breach report with the HHS Office of Civil Rights. OCR’s announcement of the settlement also indicated that Affinity failed to analyze risks presented by the photocopier hard drives in its security risk analysis.

Yesterday’s settlement announcement is another reminder to covered entities to make sure they have an annual security risk analysis that is comprehensive in nature and thoroughly reviews where electronic protected health information is maintained and stored, assesses potential vulnerabilities and risks, and outlines measures the covered entity is taking to address the identified risks. In addition, covered entities can obtain more information on safeguarding data stored in digital copier hard drives at and


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Brown Law Firm | Attorney Advertising
