Is Your Print Environment HIPAA Compliant?
Security in the medical industry is not only important, it’s the law. The Department of Health and Human Services (DHHS) requires copiers, printers, fax machines and workstations to be secured and maintained to the standards outlined in the Health Insurance Portability and Accountability Act (HIPAA).
A print environment can present some of the biggest threats to a medical practice. Either security for these devices is overlooked when HIPAA compliant policies are implemented, or critical aspects of print device security are missed because they are misunderstood.
One infamous event is the Affinity Health Plan breach in 2010. Affinity failed to erase confidential data from leased copiers before returning them to the leasing company. As a result, over 33,000 records were compromised, costing Affinity $1.2 million in fines from the DHHS.
Making your office HIPAA compliant starts with understanding the risks and then implementing procedures to mitigate them. Here are some areas to consider:
- First, Secure Access – Devices need to be in a secure location accessible only to staff who are authorized to review protected records. Documents must be tracked when copied, faxed or printed and never left unattended.
- Remove and Destroy Hard Drives – Copiers and other devices often store documents on an internal hard drive. Before the device is returned at the end of your lease, the drive should be removed or the data on it securely destroyed. DO NOT return the device with any data remaining on the drive, or you may be liable.
- Use Authentication and Audits – Workstations should always be password protected to prevent unauthorized access. Authorized users should have keycard, PIN or password access to all print devices. Administrators should have audit trail capabilities and all devices should employ an auto-off feature.
- Data Encryption and Removal – Health information stored on copiers or any other device should be encrypted, and connections to the device should use SSL encryption. Your network must also be secured, and where possible stored data should be removed or destroyed on a regular basis to ensure protection.
Failure to protect confidential data can result in fines and open you up to legal liability. Are you ready to open a discussion? Give one of our team members a call and let us show you how we can help you secure your network and print environment to ensure compliance!