Copiers and printers are indispensable tools in any practice’s office. Unfortunately, what makes these pieces of hardware useful also makes them a source of vulnerability in your network’s security.
If your multifunction devices (MFDs) are not properly configured and secured, or if your staff does not practice safety protocols, data transmitted to and from your printers can be accessed by hackers. Worse, cybercriminals can plant malware, destroy the printer itself, or gain access to your network.
The need to safeguard protected health information (PHI) is integral to HIPAA compliance. What steps can you take to ensure your printers and PHI are safe?
Restrict access and create user rules
Only authorized personnel should have access to PHI. If possible, secure devices in a single, secure room that only authorized staff can access. The ideal location of your printing devices should be next to someone who can monitor those who come and go, as well as watch out for any abandoned print jobs.
Encrypt data transfers
For an MFD to copy, scan, email, fax, or print a document, it has to connect to other devices, applications, and servers. Although connectivity increases efficiency and speed in handling patient data, it increases the risk of a security breach. The data contained in electronic health records and business applications has sensitive information that requires protection.
Encryption helps manage this risk. When data is encrypted on the device itself and while in transit to another device, network, or application, documents, and the data they contain are kept secure and are only visible to authorized users. Encrypted data is useless to cybercriminals since any data they find is unreadable without the key.
Create additional security layers
Update your applications and security apps regularly and secure every component of your web-facing applications, including their design and deployment. Use privacy screens, document management software, and other professionally managed technology solutions to provide additional security layers.
Newer MFDs have more advanced settings, including authentication protocols such as PIN code, fingerprint, and smart card/magnetic swipe card that allow you to manage staff access. By controlling who has access to documents, you fulfill your access control obligations to HIPAA.
Other features like two-factor authentication and biometrics help keep sensitive documents from automatically printing. Requiring the need to physically approach the printer and prove one’s identity before documents are printed helps protect PHI while preventing unnecessary print jobs. These features not only prevent non-authorized staff from accessing PHI but also allow access requests to be monitored and audited.
Monitor network & PHI-related activity
By simultaneously monitoring and auditing your MFDs, you ensure control of patient information before it arrives at its targeted destination. MFDs are capable of identifying and removing confidential data before a document is printed, creating an efficient method of securing PHI.
Additionally, MFDs have features that enable a notification alert to a designated staff member if a potential security breach is identified. The security issue can be investigated immediately, allowing your organization to be proactive in threat detection and response.
Monitoring your network and PHI-related activities can also be done through real-time visibility of document access. This can be achieved by having efficient and precise documentation of anyone who has accessed or printed patient information, using chain of custody watermarking functionality, and creating digital copies of all printed documents.
Stay proactive and vigilant
There are steps you can take to implement the right safeguards and best practices for maintaining security and compliance in your organization:
- Update passwords: Printers are pre-programmed with default passwords. If these are left unchanged, hackers can easily access your device. All passwords and network settings must be updated with strong passwords.
- Erase data onsite: Shred documents containing PHI; when upgrading your equipment, clear the hard drives.
- Don’t leave any document unattended: Whether printing, scanning, copying, or faxing, authorized staff should not leave the device until it has completed its job.
- Don’t use ports: Disable USB ports to prevent information from being downloaded to a USB stick.
- Avoid conversations about patients: Always assume the walls have ears. Avoid discussing patient information in unsecured areas.
- Implement a secure print release workflow: Standardize routing and destination workflows for all transmitted data. To ensure data stays in the right hands, use mobile authentication applications and micro-card readers to secure documents and ensure print jobs are only released to authorized staff.
Safeguard PHI and maintain compliance with the healthcare IT experts
To maintain HIPAA compliance, you must ensure PHI confidentiality and integrity. If you think you lack the tools and resources required to meet these standards, outsourcing the management of technology and printing devices might be the best solution for you.
At Medicus IT, we understand how patient confidentiality and compliance are crucial in healthcare. With 35+ years of experience in the healthcare IT industry, we have the expertise required to help you meet compliance requirements effectively. Our experts know exactly what security measures you need and how to implement the best practices for strengthening your IT infrastructure.