New York-based insurance company Affinity Health Plan agreed to shell out $1.2 million to quell a lawsuit over an alleged technical fumble that exposed private patient information.
The company was sued by the Dept. of Health & Human Services after failing to erase patient records on leased photocopiers, leading to a HIPAA violation when Affinity returned the borrowed machines.
HHS accused Affinity of "a breach of its unsecured electronic protected health information," involving 344,579 individual patients, according to the settlement agreement.
HHS said the million-dollar settlement doesn’t prevent any patients from suing Affinity for the data breach.
News reports are awash with data breaches at healthcare organizations, a phenomenon that has made breach insurance, or “cyber liability insurance,” a hot market. Cyber liability insurance has been around for decades, but interest has really picked up in recent years, especially as HIPAA rules have tightened around patient privacy. Breach insurance, however, isn’t a defense measure against intrusion, merely against liability.
"Whether you buy insurance or not, the risk doesn’t go away," IT Risk Managers president & CEO Larry Harb told iHealthBeat. "The only decision you are making is who is going to pay for it."