AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security


HIPAA Penalty: Affinity Settles For $1.2 Million Because Of Copier

There's a saying that once you've taken your sword out of its sheath, it's hard to put it back in. It appears to perfectly describe the stance of the Department of Health and Human Services (HHS) on handing out monetary penalties: not content with fining Mass General Hospital $1 million in 2011 and Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates $1.5 million in 2012, the HHS has now reached a settlement with Affinity Health Plan for $1.2 million.

With the Final Omnibus Rule going into effect on September 23, HIPAA covered entities should take the time to ensure that they are following HIPAA and HITECH, for example by using laptop encryption software to secure data on portable computers.

Photocopier at the Center of the Penalty

Why was Affinity Health Plan fined $1.2 million? Because they forgot to sanitize their photocopier. And I'm not referring to the lack of Purell in the machine.

According to the complaint, CBS contacted Affinity in 2010 as part of a news story into modern day copiers.  Like your car, photocopiers also have a significantly computerized component to them.  CBS obtained used photocopiers in the market, and one of the machines' hard drives contained Affinity's data.

The HHS Office of Civil Rights looked into the situation and found that approximately 340,000 people were affected by this particular data breach.  The sheer number of people affected pretty much guaranteed a fine.

In Affinity's defense, most people in 2010 didn't know that photocopiers were really computers.  But then, it didn't really require one to be a rocket scientist to figure it out: a machine that essentially scans your document and creates 15 different copies all collated in reverse order means images are being stored somewhere.

Ignorance is not, and cannot be, an excuse for failing to follow the law, however. Hence the fine (or if you prefer, settlement).

While the above fine has nothing to do with laptops, the Mass Eye and Ear case did: a laptop computer that was not secured with encryption software was lost, triggering the $1.5 million fine.

The message here is that HIPAA covered entities (and beginning in late September, their Business Associates) must pay attention to ePHI in all its forms. The use of laptop encryption is a no-brainer. But photocopiers, CDs, DVDs, backup tapes, smartphones, USB flash drives and any storage media where ePHI can be stored must be secured in some way.

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.