Along with ensuring the best possible care, protecting a patient’s personal data is a top priority for healthcare facilities. The Health Insurance Portability & Accountability Act (HIPAA) requires that all clinics, hospitals and behavioral health facilities develop policies and procedures to maintain protected health information (PHI).
Securing data from office printers, copiers and multifunction devices is sometimes overlooked, but these types of equipment print and store large amounts of PHI every day. Furthermore, print devices are considered workstations under HIPAA law, meaning they fall under the same restrictions and requirements as other data storage or transfer devices.
Whether sending or receiving faxes, printing patient information or scanning and emailing paperwork, all that data is subject to HIPAA compliance and must be secure.
How can you ensure HIPAA compliant printing? Follow these best practices.
Like most electronic devices, printers and copiers are pre-programmed with default passwords and factory settings. Unchanged, printers can be easily accessed by hackers. Since printers have a direct line to computers and other devices, cyber criminals could also gain access to an entire network.
All default passwords and network settings must be updated with strong passwords prior to installation. Take caution when performing maintenance or a hard reset, as some actions may revert the device back to its factory default settings. Your managed print provider can help ensure your printers’ security settings are up to date.
Proper placement of print devices is a first step to securing personal information. Ideally, print devices should be kept in a restricted area that is accessible only to authorized staff and can be monitored. At no time, should printers be kept in areas where visitors, patients or non-authorized personnel can retrieve paperwork or access print devices.
Also enforce policies requiring that employees leave no documents behind, whether printing, copying, scanning or faxing. It can be helpful to place reminders or signage near print devices to reinforce this best practice.
Some printers can enable two-factor authentication to access information with the use of specialized software, similarly to some computer programs. Pull printing — a two-step process — starts with a user initiating a print job from their workstation’s computer or mobile device, which sends it to a secure universal print driver. Pull printing — sometimes called “follow-me” printing — involves the use of software to manage data.
To enable retrieval of the documents, the user must authenticate the request while physically at the device. Ways to retrieve pull printing can vary, including the use of badge or card readers, or a personal identification number (PIN).
Two reputable print security softwares are PaperCut and uniFLOW. PaperCut can track which users print documents, which devices they print to, and even stop unapproved users from printing. It has numerous available reports for an easy audit process. uniFlow also allows for pull printing and reporting, and it can integrate a patient’s scanned documents into a secure Electronic Health Records (EHR) system.
GET THE GUIDE: Better Healthcare Through Intelligent Print Management
Some hospital administrators ask, “Is Google Cloud Print HIPAA compliant?” While the cloud storage service can support HIPAA compliance, it’s ultimately up to the customer to evaluate whether it meets their requirements, and they will need to work with the Google Cloud platform to develop their agreement.
To some outside the healthcare industry, faxing seems archaic in an age of emails and texts. But it remains an integral part of a healthcare facility’s day-to-day operations. Many multifunction print devices are equipped with fax capabilities. One way to improve the secure transmission of documents is to send and receive electronic faxes.
Digitized faxes can be sent to an email address, EHR system or folder where they can be accepted upon arrival. This helps stop faxes with sensitive information from sitting on a copier tray at their destination or from unauthorized individuals retrieving them when they arrive.
It’s easy to think of printers as simply utilitarian equipment, but modern printers contain highly sophisticated electronics and internal hard drives. When it comes time to replace your print devices, it’s critical that you wipe the hard drives clean prior to disposal, recycling or reselling of the equipment. Reputable managed print providers will often provide this service as part of their managed print program, so be sure to ask about HIPAA compliant print protocols when choosing a partner.
Printing protocols must be part of any healthcare facility’s HIPAA compliance program. Failure to comply can result in compromised patient information, a tarnished reputation and considerable fines. HIPAA violations and associated fines are based on a tiered system and can vary from $100 for a minor Tier 1 violation to a minimum of $50,000 for more egregious Tier 4 violations.
It’s critically important to work with a reputable managed print services provider who understands complex HIPAA guidelines and can help provide the most secure print environment possible. Contact the print experts at Gordon Flesch Company today for a free print assessment.
