Archive for the ‘HIPAA Compliance’ Category

Health Plan Company Settles with Health & Human Services (HHS) for $1.2 Million in Copier Hard Drive HIPAA Violation Case

January 22, 2014

Under a settlement with the U.S. Department of Health and Human Services (HHS), Affinity Health Plan, Inc., based in Bronx, New York, will settle potential violations of the HIPAA Privacy and Security Rules for $1,215,780.

The Office for Civil Rights’ (OCR) investigation indicated that Affinity impermissibly disclosed the protected health information of up to 344,579 individuals when it returned multiple photocopiers to a leasing agent without erasing the data contained on the copier hard drives.

In addition, the investigation revealed that Affinity failed to incorporate the electronic protected health information stored on the copiers' hard drives in its analysis of risks and vulnerabilities, as required by the Security Rule, and failed to implement policies and procedures when returning the hard drives to its leasing agents.

Bottom line: if you are a physician or health care provider, make sure that your copier company is protecting you by following proper information security procedures, namely wiping the hard drive or removing the hard drive before selling or leasing the copier to someone else.

Click the link below to see the CBS News report that opened up this case.

If you have questions about this post or any general copier buying questions fill out the form below or contact me, Ed Worthington, directly at 443-570-0414. Thanks for stopping by. Have a fun day.

Physicians & Healthcare Providers: Is Your Copier Company HIPAA Compliant? If They're Not, You’re At Risk!

December 22, 2013

If you own or manage a physician's or healthcare provider's office, it is VERY IMPORTANT that you fully understand the new HIPAA regulations that took effect on September 23, 2013.

According to the head of the Office for Civil Rights (OCR), which is part of the Department of Health and Human Services (HHS), these are “the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented.”

As a summary of the changes, the American Medical Association (AMA) released the following statement:

“In general, the new rules expand the obligations of physicians and other health care providers to protect patients’ protected health information (PHI), extend these obligations to a host of other individuals and companies who, as “Business Associates,” have access to PHI, and increase the penalties for violations of any of these obligations….”

So what does this have to do with your copier company? Actually a whole lot.

Companies that handle your patients’ PHI (also known as your “Business Associates”) are now obligated to comply with the Security and Breach Notification Rules. If they’re not, they’re putting you at risk.

Your Business Associates could include your copier vendor, your IT vendor, your shredding vendor, etc.: anyone who has access to and handles your patients’ PHI.

So if your copier company isn’t complying with these new rules, you should seriously consider finding one that is.

To demonstrate what’s at stake for you, click on the following link to read about the Managed Care company that received a $1.2 million fine for a security breach where the copier company was partially at fault.

http://wp.me/p23icE-7nt

If you have any questions about the new HIPAA rules or any question about copier purchasing/leasing in general, feel free to fill out the form below or contact me directly. Ed Worthington 443-570-0414