Expensive Lessons in Privacy Law: Affinity Health Pays $1.2 Million for Not Erasing Photocopier Hard Drives

Earlier this month, Affinity Health Plan agreed to pay the Department of Health and Human Services more than $1.2 million to settle violations of the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules.

Affinity – a not-for-profit managed care plan – failed to erase the protected health information of nearly 350,000 individuals from hard drives of leased photocopiers.

For your reference, a roundup of legal commentary and analysis on the settlement and its implications for HIPAA covered entities and their business associates:

Find additional updates on the Health Insurance Portability and Accountability Act at JD Supra Law News>>