Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Blogs
    • AI
    • Deals
    • Layoff Tracker
    • HIMSS 2023
  • Opinion
    • Breaking Bias
    • Commentaries
    • Letters
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - AI and Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Sponsored Video Series - One on One
    • Sponsored Video Series - Checking In with Dan Peres
  • Data & Insights
    • Data & Insights Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Information Technology
August 15, 2013 12:00 AM

HHS wants photocopy machines examined as part of data security

Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print

    Healthcare organizations need to consider all kinds of digital devices, including photocopy machines, in examining their data security.

    That's the takeaway from HHS' Office for Civil Rights announcement that Affinity, a managed-care plan serving the New York metropolitan area, will pay more than $1.2 million in a settlement agreement for a breach of personally identifiable health records under the privacy and security protections of the Health Insurance Portability and Accountability Act of 1996.

    Affinity reported the breach to the civil rights office in April 2010 after learning from CBS News that patient-identifiable health information had been left on one of its copying machines, according to an OCR summary of events. It had sold the machine to a reseller in 2009. The OCR thinks Affinity actually sold about seven of its old machines containing member data, compromising confidentiality for more than 300,000 records.

    "This settlement illustrates an important reminder about equipment designed to retain electronic information: Make sure that all personal information is wiped from hardware before it's recycled, thrown away or sent back to a leasing agent," Leon Rodriguez, director of the civil rights office, said in the news release. “HIPAA covered entities are required to undertake a careful risk analysis to understand the threats and vulnerabilities to individuals' data, and have appropriate safeguards in place to protect this information,” Rodriquez said.

    The breach made a CBS Evening News program that month, part of a broadcast segment on data security risks posed by copying machines that have computer storage drives on them and are often disposed of without having the drives wiped clean of information.

    Featured in the news report were copiers selected at random from the warehouse of a New Jersey reseller of used office equipment. They included one used by Affinity and one each from the sex crimes and narcotics units of the Buffalo, N.Y., police department. The machines gave CBS copies of documents that included medical information such as prescription-drug data, blood-test results and a cancer diagnosis, as well as the names of sex-crime victims and drug-raid targets, according to the broadcast.

    The news broadcast brought the problem to the attention of other federal officials, including the Federal Trade Commission and Congress.

    CBS reported buying and analyzing only one of Affinity's retired copiers, finding 300 pages of personally identifiable medical information on its hard drive. But the health plan listed 344,579 patient records as having been compromised in November 2009, according to a summary of its breach report to the civil rights office posted on its “wall of shame” website, implying multiple machines were involved.

    “I think there are roughly seven,” said Rachel Seeger, a spokeswoman for the civil rights office. An Affinity spokeswoman did not return calls for comment at deadline.

    As part of its settlement with OCR, Affinity agreed to a corrective action plan in which it must “use its best efforts” to retrieve “all photocopier hard drives that were contained in photocopiers previously leased by AHP that remain in the possession of Canon Financial Services,” the leasing agent, according to Seeger.

    If Affinity can't retrieve all the copier hard drives, it has to provide OCR with documentation “explaining its 'best efforts' and the reason it was unable to retrieve” them, the agreement said. If the drives can't be located, an OCR regional office overseeing the agreement will base its assessment of compliance on “review and approval of the documentation explaining why its efforts failed to retrieve the hard drives,” the agreement said.

    Since breach reporting to OCR became mandatory under the American Recovery and Reinvestment Act in September 2009, there have been 646 major breaches posted to its web site for the public disclosure of breaches affecting the records of 500 or more individuals. Combined, they these larger breaches have exposed patient-identifiable information on at least 22.6 million people.

    In its news release, the civil rights office also included links to more information about safeguarding sensitive data stored on copying machines and to a National Institute of Standards and Technology guide to cleaning up digital storage media.

    Follow Joseph Conn on Twitter: @MHJConn

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    Racial disparity hospital
    Providers confront racial bias engrained in EHRs
    Most Popular
    1
    Centene to lay off 2,000 workers
    2
    How health systems are battling price-gouging allegations
    3
    Senate advances bill to temporarily aid hospitals, health centers
    4
    Elevance, Blue Cross Louisiana halt $2.5B proposed deal
    5
    Tower Health to sell urgent care centers, close others
    Sponsored Content
    Digital Health Intelligence Newsletter: Sign up to receive a twice-weekly (T, F) morning newsletter featuring the latest reporting on technologies, trends, players and money fueling the rapid changes in how healthcare is developed, paid for and delivered.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Help Center
    • Advertise with Us
    • Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Blogs
      • AI
      • Deals
      • Layoff Tracker
      • HIMSS 2023
    • Opinion
      • Breaking Bias
      • Commentaries
      • Letters
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - AI and Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Sponsored Video Series - One on One
      • Sponsored Video Series - Checking In with Dan Peres
    • Data & Insights
      • Data & Insights Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing