The US Department of Health and Human Services (HHS) recently settled a $1.2 million HIPAA case in which a New York managed care plan failed to delete protected health information from a leased photocopier before returning the machine to the leasing company. The case argued that the health plan had failed to incorporate the “risks and vulnerabilities” presented by storing electronic protected health information (ePHI) on the photocopier’s hard drives into their HIPAA policy. And, thereby exposed as many as 340,000 individuals to potential compromise of their data. (HBMA, RCM Advisor: Q2 2019 Edition)