Remember when copiers were simple—just paper in, copies out? Once they began scanning and faxing, copiers evolved not just in capability, but as a HIPAA risk. A health plan just paid a $ 1.2 million penalty because a copier it discarded ended up on the TV news.
Buried in your copier is a hard drive used to create an image of the original page that is then sent to a folder, attached to an e-mail, or sent by fax. Over 20,000 images can stay on the drive long after you have walked away, lurking as a HIPAA risk.
If the drive is not removed from the copier when your lease is up or if you replace it, or if a repair includes the replacement of the drive, your old drive can become an expensive data breach. Just ask Affinity Health Plan, since it just paid $ 1,215,780 for a breach that it reported over three years ago. CBS Evening News bought a used copier previously leased by Affinity and discovered confidential information on the drive. (Like you, I wonder too why it took 3 years for the penalty after the breach was reported.)
Affinity Health Plan is a not-for-profit managed care plan serving the New York metropolitan area. It estimated that up to 344,579 individuals may have had their data breached. The investigation by the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) revealed that Affinity had not included its copiers in its HIPAA Risk Analysis, the first requirement of HIPAA and the foundation for eliminating or reducing risks associated with electronic Protected Health Information (ePHI.) By missing this HIPAA risk, Affinity did not erase the drives prior to returning the copiers after their lease.
Others have learned from this breach, and have taken steps to reduce the HIPAA risk hiding unnoticed in copiers. Recently a health care provider in Las Vegas was notified by its copier company that their copiers were going to be replaced. The vendor included a checklist detailing how the data was going to be removed from the copiers’ hard drives—prior to the copiers leaving the office. This vendor was on the ball when it came to HIPAA risk awareness, and reduced the possibility of a data breach both for their company and their client by erasing the drives on site.
Find out how outsourcing your IT Suport to TMS can help keep your healthcare pracice in Ranchoc Cucamonga, Los Angeles, Pasadena and Antelope Valley HIPAA compliant, Call today 800-519-1872
To read rest of this article written by Mike Semel Click Here