Digital Copiers & Scanners Pose HIPAA Breach Risk

It may come as a surprise to many physician offices and other health care providers that the digital copier, scanner, or fax they use every day in their office poses a significant HIPAA breach risk. Recently, Affinity Health Plan realized this risk the hard way after they had returned leased digital copiers without first wiping the copiers' hard drive. Doing so resulted in a settlement with the US Department of Health and Human Services of over one million dollars for alleged HIPAA violations due to the copies of medical records that had remained on the digital copiers and scanners' hard drives after the copies were made. Affinity (serving the New York metropolitan area) reported to HHS that upwards of 300,000 people might have been affected by the breach caused when they returned multiple leased copiers to the leasing company without erasing the copiers' hard-drives. Affinity learned of this potential breach from representatives of the CBS Evening News who bought one of those machines when they were conducting an investigative report regarding documents stored on the hard drives of digital copiers and scanners.

All businesses leasing digital copiers and scanners should take heed of this significant settlement.

The Settlement Agreement was finalized on August 7, 2013.

To see the HHS Resolution Agreement and CAP on the Office of Civil Rights website, please click here.

To see the CBS Evening News Report, click here.


Back to News & Trends