Wednesday, August 21, 2013

Failure to scrub patient data from digital copiers results in $1.2 million HIPAA settlement

We’ve sounded warnings about the lowly copy machine before. The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops. Seemingly old fashioned equipment, such as copiers, can hide sensitive legally-protected data.

Affinity Health Plan, a New York-based managed care company, learned that hard lesson when it became entangled in a 2010 CBS News investigation into the risks associated with image data stored in the hard drives of digital copiers. As the report indicates, digital copiers contain hard drives that retain electronic images of all documents that have been copied or scanned.
Users of digital copiers often fail to scrub their hard drives before selling the copiers or returning them at the end of a lease. In order to demonstrate how this could result in disclosure of sensitive data, CBS News purchased four used copiers from a leasing company and then accessed the hard drives to see whether any images had been retained. Two machines contained sensitive police information from the Buffalo, NY police department.

A third machine contained design plans, payroll records and copied checks for a construction company in New York. The last machine, which had been leased by Affinity, contained over 300 pages of individual medical records. These finding were then reported on the April 20, 2010 broadcast of The CBS Evening News.

1 comment:

Anonymous said...

I like this blog. It is very nice device that data security must extend beyond computer networks and laptops. Digital Copiers Solution . Thanks .....