News and Insights
Visit regularly for up-to-date information on relevant news, firm announcements and additions to our AZ Health Law Blog.
OCR Assesses Penalties for PHI Remaining on Storage Device
On August 14, 2013, the Office for Civil Rights (“OCR”) settled violations of HIPAA with Affinity Health Plan, Inc., for over $1.2 million. The settlement arose out of a breach report submitted by Affinity in which it acknowledged that information relating to possibly 344,579 individuals may have been improperly disclosed.
The improper disclosure was revealed s part of an investigative news report in which CBS Evening News purchased a photocopier previously leased by Affinity. CBS reported to Affinity that the hard drive of the copier contained protected health information (“PHI”). After investigating the breach, Affinity reported the breach to OCR. OCR’s investigation concluded that Affinity impermissibly disclosed the PHI by returning the leased copiers without erasing the data on the hard drives. In addition to the monetary settlement, Affinity was required to enter into a corrective action plan under which Affinity must use its best efforts to retrieve all hard drives that were contained on copiers previously leased by Affinity and take measures to safeguard any electronic PHI.