Security in the medical industry is the law. The Department of Health and Human Services (DHHS) requires medical businesses to maintain complete security compliance standards for all copiers, printers, fax machines and workstations as outlined in the Health Insurance Portability and Accessibility Act (HIPAA).
The print environment can present some major risks to your medical practice. Sometimes the security for these devices can be overlooked when implementing HIPAA standards, or an IT team isn’t aware of the critical aspects of print security.
One event in 2010 outlined the potential problems of overlooking crucial print security details. In 2010, Affinity Health Plan failed to erase critical confidential data from leased copiers before retiring the machines and returning them back to the leasing company. As a result, over 33,000 records were compromised. Affinity was fined 1.2 million dollars by the DHHS. Many medical practices do not realize their potential exposure from this simple oversight.
Here are a few tips to keep in mind when making your print environment HIPAA compliant. As with any security challenge, be sure to first understand the risks and then take steps to mitigate your exposure. Consider:
- Secure Access First! – Devices need to be secured and only accessible by authorized staff members. Documents should be tracked when copied, faxed or printed. Never leave devices or documents unattended when printing or copying.
- Remove and Securely Erase Hard Drives – MFPs and other devices store documents on internal hard drives. Prior to retiring them at the end of your lease remove the drive and securely destroy your data. Don’t return the device with ANY data remaining on the drive, or you risk liability.
- Audit Devices and Authenticate Users – Keep workstations password protected to prevent unauthorized access.; authorize users with a PIN or key card. Administrators should have audit trail capabilities and all devices should employ an auto-off feature.
- Data Encryption and Removal – Any data stored on any device should use SSL encryption. Your network should also be secured and if possible data should be wiped regularly from devices.
Failure to comply and protect confidential data can result in fines and open you up to legal liability. Are you ready to start a dialog? Give us a call and let us show you how we can help secure your network and devices to ensure complete HIPAA compliance!