According to the Health Insurance Portability and Accountability Act (HIPAA), all medical businesses must maintain the security of all confidential medical information. HIPAA compliance is the law, and it is enforced by the Department of Health and Human Services (DHHS). The requirement extends to every device that handles this information, including printers, fax machines, copiers and workstations. Failure to comply can result in significant fines.
Your print environment can present significant compliance risks. Print device security might be overlooked when a business rolls out HIPAA standards, or if an IT team simply misses critical aspects of printer security.
One well-publicized example occurred in 2010. Affinity Health Plan failed to erase patient data from leased copiers before returning the devices at the end of the lease term. As a result, 33,000 confidential medical records were compromised, and the DHHS fined Affinity 1.2 million dollars.
Here are a few tips to help you maintain HIPAA compliance. Consider:
- Securing Devices – All printers, fax machines and copiers should be kept secure and accessible only to authorized staff. Track documents when printing and never leave documents unattended in print devices or fax machines.
- Removing and Erasing Hard Drives – Prior to retiring, selling or returning leased equipment, remove any drives and securely destroy all data. Failure to do so can result in legal liability and fines.
- Authenticating Users and Creating Audit Trails – Password protect workstations and devices to prevent unauthorized access. Use PINs or swipe cards to authorize users and create an audit trail. Administrators should have audit trail capabilities to prevent unauthorized access. Devices should also have an auto-off feature.
- Data Encryption and Removal – Any data stored on device hard drives should be encrypted using SSL protocols. Your network should also be secure and encrypted. Data stored on drives and devices should be regularly removed or destroyed.
Failure to meet HIPAA standards can leave your business open to legal liability and DHHS fines. Is your company 100% HIPAA compliant, including your print environment? Contact us today and let us help you ensure compliance!