And it is worth sanitizing.
On August 14, 2013, HHS announced a settlement with Affinity Health Plan, Inc. after investigating the finding of sensitive health data stored on copier hard drives.
Affinity Health Plan, a not-for-profit managed care plan serving the New York metropolitan area, was informed by CBS Evening News that CBS had purchased a photocopier previously used by Affinity that contained confidential medical information on the hard drive. Affinity turned around and reported this breach to the HHS Office for Civil Rights on April 15, 2010. Affinity estimated that up to 344,579 individuals may have been affected by the breach.
OCR reports that its investigation revealed that Affinity impermissibly disclosed the protected health information of these individuals when it returned multiple photocopiers to leasing agents without erasing the data contained on the copier hard drives. Affinity and OCR negotiated a settlement, which included a $1.2 million payment and “a corrective action plan requiring Affinity to use its best efforts to retrieve all hard drives that were contained on photocopiers previously leased by the plan that remain in the possession of the leasing agent, and to take certain measures to safeguard all ePHI.”
See HHS press release: http://www.hhs.gov/news/press/2013pres/08/20130814a.html