In a week that included several high-profile HIPAA breach incidents and settlements, the Department of Health and Human Services announced the biggest one of all: a settlement agreement with Affinity Health Plan stemming from a 2010 incident in which it was discovered that an improperly wiped photocopier had exposed the PHI of over 300,000 patients. Affinity and HHS agreed to settle the case for $1,215,780.
What was notable about this particular incident was not necessarily the high settlement figure or even the large number of patients involved, but the bizarre nature of the incident itself. In the period leading up to the incident, the New York-based health plan had been leasing the digital photocopier. When the next user, CBS, purchased the copier from the leasing agent, it found hundreds of thousands of patient records that had never been removed from the copier’s hard drive before the end of Affinity’s lease term.
This incident underscores a broader risk that compliance and information security officers need to account for in their risk assessments: the human factor. State-sponsored cyber attacks might get all of the press headlines, but a healthcare provider is far more likely to be hurt by something as simple as a lost laptop or an improperly wiped digital device. As mentioned in our webinar this past Wednesday, the proliferation of IT and other digital healthcare products is empowering healthcare organizations to deliver better care to their patients. Nevertheless, the loss of patient data through these devices should always be at the forefront of a CIO’s mind. The practical lesson here is that any device with internal storage, copiers and multifunction printers included, belongs in the asset inventory and the risk analysis, and its drive should be sanitized or removed before the device leaves the organization’s control; the Security Rule’s device and media controls (45 CFR 164.310(d)) apply to a leased copier just as they do to a laptop.
As with all data breach settlements with HHS, the settlement figure shows us only the tip of the financial iceberg. Once the costs of the breach notifications a covered entity is legally required to send, the credit monitoring services typically offered to affected patients, and the investigation and remediation work are taken into account, the actual cost of this incident is very likely to be a multiple of the HHS settlement amount.