In a case that illustrates the data privacy risks associated with modern copiers, the United States Department of Health and Human Resources (HHS) has announced a $1,215,780 settlement with Affinity Health Plan, Inc. (Affinity), arising from an investigation of potential violations of the HIPAA Privacy and Security Rules.

This matter started when Affinity was advised by CBS Evening News that CBS had purchased a photocopier previously leased by Affinity.  CBS explained that the copier’s hard drive contained confidential medical information relating to Affinity patients.  As a result, on August 15, 2010, Affinity self-reported a breach with the HHS’ Office for Civil Rights (OCR).  Affinity estimated that the medical records of approximately 344,000 persons may have been affected by this breach.  Moreover, Affinity apparently had returned multiple photocopiers to office equipment vendors in the past without erasing the data contained upon the … Read More »