Health Plan Pays $1.2 Million HIPAA Settlement for Impermissible Disclosures of E-PHI Involving Photocopiers | Practical Law
The Department of Health and Human Services (HHS) has announced a settlement between its Office for Civil Rights (OCR) and a health plan to settle alleged violations of privacy and security requirements under the Health Information Portability and Accountability Act (HIPAA). The plan impermissibly disclosed the electronic protected health information (electronic PHI) of up to 344,579 individuals by failing to properly erase photocopier hard drives before returning the photocopiers to a leasing company.