The Health and Human Services Department considers copiers, printers, scanners and fax machines to be equipment that must comply with the security and maintenance rules and regulations outlined by the Health Insurance Portability and Accountability Act (HIPAA). The challenge is that many healthcare providers aren’t aware of the threat that unsecured devices pose.
To illustrate the damage that an unsecured device can do to your organization, recall what happened to Affinity Health Plan. In 2010, Affinity returned copier equipment to its leasing company without first erasing the protected health information from the hard drives. Due to this negligence, over 330,000 health records were exposed, which cost Affinity $1.2 million in settlement fees with the Department of Health and Human Services.
To make your office devices HIPAA compliant, here are some important considerations:
- Is the device physically secure? Office devices should be placed in a location that is only accessible to staff members with authorized access to protected health information. To minimize the theft of printed documents, never leave them unattended in the output tray.
- Are you routinely erasing the hard drive on the device? The hard drives on your devices store images of documents that have been printed, copied, scanned or faxed. To prevent anyone from gaining access to this sensitive information, it’s important that you routinely delete the data on the hard drives. If you’re leasing your device, erase the hard drive before returning it to the leasing company.
- Do you require user authentication for the device? Devices in the workplace need to be password protected to prevent unauthorized access. Users should only be given credentials for devices that they are authorized to use. Adding an automatic log-off to all devices will strengthen security.
- Are you using SSL encryption? All data stored on printers, copiers, scanners and fax machines needs to be encrypted using Secure Sockets Layer (SSL) encryption. The network that transmits the data also needs to be protected using data encryption. This will prevent sensitive data from falling into the hands of the wrong person.
Contact us to learn more about making your printers, copiers, scanners and fax machines HIPAA compliant.