Does Our Copier Need To Be Compliant With HIPAA Privacy Policies?

Encrypted Hard Drive
Posted by: Nauticon Office Solutions

Security is the law! The Department of Health and Human Services (HHS) requires all medical practices to maintain full security compliance for their copiers, printers, and other devices, as set out in the Health Insurance Portability and Accountability Act (HIPAA). The Privacy Rule applies to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA.

Many CSOs (Chief Security Officers) have not included multifunction devices when implementing HIPAA standards, or their IT team isn't aware of the critical properties of print security. Just like other computer devices, printers and copiers are considered workstations and can present a catastrophic security risk. These devices are connected to a network, contain sensitive data, and have the ability to scan and share patient information; if not properly protected, they can be hacked and exploited in various ways. The Association of Certified Fraud Examiners found that companies in the United States lose more than $800 billion a year to fraud, and document fraud is a large part of this statistic. Left unsecured, your copiers and printers can pose one of the greatest threats to your organization.

The U.S. Department of Health & Human Services published a press release in 2013 outlining the details of a 2010 data breach by Affinity Health Plan, Inc. (https://tinyurl.com/tmh5zzy)

“Under a settlement with the U.S. Department of Health and Human Services (HHS), Affinity Health Plan, Inc. will settle potential violations of the HIPAA Privacy and Security Rules for $1,215,780. OCR’s investigation indicated that Affinity impermissibly disclosed the protected health information of up to 344,579 individuals when it returned multiple photocopiers to a leasing agent without erasing the data contained on the copier hard drives. In addition, the investigation revealed that Affinity failed to incorporate the electronic protected health information stored in copier’s hard drives in its analysis of risks and vulnerabilities as required by the Security Rule, and failed to implement policies and procedures when returning the hard drives to its leasing agents.”

Affinity was instructed to use its best efforts to retrieve all hard drives contained in previously leased photocopiers and to take certain measures to safeguard all electronic protected health information.

What steps can you take to implement a secure environment?

  • Ensure that your copier settings, passwords, controls and hard drive are secure.
  • Include copiers in your HIPAA compliance strategy.
  • Restrict access.
  • Add authentication prompts to all print devices that can access Protected Health Information (PHI).
  • Be aware that staff members may be emailing sensitive information to unauthorized individuals.
  • Erase data onsite.
  • Remove all documents from the output tray. Use Private Print to avoid documents sitting in output trays.
  • Encrypt data.

Nauticon Office Solutions utilizes innovative methods of protecting valuable data to help you meet increasing security challenges. Most Toshiba MFPs come standard with Self-Encrypting Drive (SED) technology, which allows sensitive user data to be securely erased when the system is powered down or when the SED Hard Disk Drive (HDD) is removed from the system. In addition, the disk is automatically cleared as soon as the device has finished using the information for each job, preventing the data from being recovered by unauthorized users. This Toshiba exclusive design uses 256-bit Advanced Encryption Standard (AES) encryption and is FIPS 140-2 (Federal Information Processing Standards) certified, while the standard data overwrite kit meets Department of Defense requirements.

(http://business.toshiba.com/media/tabs/downloads/products/secureMFP.pdf)
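The self-encrypting drive behaviour described above, modelled as an added Go example (this is illustrative code written for this article, not Toshiba's or Nauticon's firmware): the drive controller holds an AES-256 media key, so the bytes on the platter are always ciphertext, and "erasing" means destroying the key rather than scrubbing every sector. The type and method names (SEDModel, Write, Read, CryptoErase) are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// SEDModel: toy self-encrypting drive for this article (not vendor firmware). The
// controller holds the media key; each platter sector is AES-256-GCM ciphertext.
type SEDModel struct {
	gcm     cipher.AEAD // keyed with the 256-bit media key; nil after CryptoErase
	Sectors [][]byte    // raw bytes as they sit on the platter: nonce||ciphertext||tag
}
var errErased = errors.New("media key destroyed: drive is crypto-erased")

func NewSEDModel() (*SEDModel, error) {
	key := make([]byte, 32) // 256-bit media key, generated inside the drive
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length is 32 bytes
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES block size is 16 bytes
	return &SEDModel{gcm: gcm}, nil
}

// Write stores one job's data (a scanned page, a print spool) as a new sector.
func (d *SEDModel) Write(plain []byte) error {
	if d.gcm == nil {
		return errErased
	}
	nonce := make([]byte, d.gcm.NonceSize()) // fresh random nonce per sector
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	d.Sectors = append(d.Sectors, d.gcm.Seal(nonce, nonce, plain, nil))
	return nil
}

// Read decrypts sector i through the controller; it fails after CryptoErase.
func (d *SEDModel) Read(i int) ([]byte, error) {
	if d.gcm == nil {
		return nil, errErased
	}
	return d.gcm.Open(nil, d.Sectors[i][:d.gcm.NonceSize()], d.Sectors[i][d.gcm.NonceSize():], nil)
}

// CryptoErase destroys the media key; the ciphertext left on the platter is now noise.
func (d *SEDModel) CryptoErase() { d.gcm = nil }
```

Pulling the platter out of a returned copier corresponds to inspecting `Sectors` directly: the patient data written through `Write` never appears there in the clear, and once `CryptoErase` has run neither the controller nor anyone else can turn the stored bytes back into PHI.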

Failure to comply and protect confidential data can result in fines and open you up to legal liability.

Take your first step towards a secure print environment.  Click the banner below or dial 301-279-0123.