In a week that included several high-profile HIPAA breach incidents and settlements, the Department of Health and Human Services announced the biggest one of all: a settlement agreement with Affinity Health Plan stemming from an incident in 2010, when it was discovered that an improperly wiped photocopier had compromised the PHI of over 300,000 patients. Affinity and HHS agreed to settle the case for $1,215,780.
What was notable about this particular incident was not necessarily the high settlement figure or even the large number of patients involved, but the bizarre nature of the incident itself. In the period leading up to the incident, the New York-based health plan had been leasing the digital photocopier. After the next user, CBS, purchased the copier from the leasing agent, it discovered hundreds of thousands of patient records that had not been deleted off the hard drive before the end of Affinity’s lease term.
This incident underscores the greater risk that compliance or information officers need to take into account in their risk assessments: the human factor. State-sponsored cyber terrorism might get all of the press headlines, but a healthcare provider is far more susceptible to something as simple as a lost laptop or an improperly wiped digital device. As mentioned in our webinar this past Wednesday, the proliferation of IT and other healthcare digital products is empowering healthcare organizations to deliver better care to their patients. Nevertheless, the loss of patient data through these devices should always be at the forefront of a CIO’s mind.
As with all data breach settlements with HHS, the settlement figure only shows us the tip of the financial iceberg. After taking into account the costs associated with the patient notification and credit monitoring services that a covered entity is legally required to provide, the actual cost of this incident is very likely to represent a multiple of the HHS settlement amount.
With over two decades of technology entrepreneurship background, Krishna Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges in US healthcare. During the late 90s, Krishna co-founded IPCell to build the first Cable IP Telephony switch, eventually selling the company to Cisco Systems. In 2003, he started Sipera (acquired by Avaya Systems) to solve security issues for Unified Communications and raised over $30MM in venture funding. Additionally, he has been actively involved in the early-stage financing of startups in both the US and India.