How Does HIPAA Relate to Copier Security?

How-Does-HIPAA-Relate-to-Copier-Security-400x4001

Many people believe that copier security only involves the physical paper used within each device, but it’s more complicated than that. If your company is printing or copying documents like patient or customer records, financial data, insurance forms, etc., then the same security measures need to be taken for your network or computers. Many companies, especially healthcare organizations, may be wondering exactly how HIPAA relates to copier security.

Any device that is capable of receiving, storing, or transmitting protected health information needs to adhere to HIPAA’s legal requirements for data security.

Nonetheless, copiers represent one of the most overlooked devices when it comes to enterprise security, but the office copier should never be forgotten. Hackers know many businesses fail to properly protect them – making copiers extremely vulnerable targets.

Why is Copier Security & HIPAA Compliance So Important?

Does your business copier, printer or multifunction printer do the following?

Connect to your network?
Have a hard drive?
Have scanning and emailing capabilities?

If so, then the correct data security strategy needs to be in place.

Security in the medical industry is the law. Companies need to properly secure data to maintain HIPAA compliance and avoid a HIPAA violation. HIPPA Security Rule focuses on the confidentiality, integrity, and availability of PHI (protected health information). Confidentiality means that data or information is not made available or disclosed to unauthorized persons or processes. Integrity means that data or information has not been altered or destroyed in an unauthorized manner. Availability means that data or information is accessible and usable upon demand only by an authorized person.

Nonetheless, copiers are a treasure trove for hackers seeking an entry point into your company data. Therefore, copiers need to be both secure and HIPAA compliant. There are three key reasons why:

1. Copiers Are Computers

Copiers, as well as other office devices like printers and scanners, are easy to disregard when it comes to data security. They do not look or behave like computers. Employees tend to not interact with printers and scanners, but do with computers that directly communicates to them.

Yet, copiers and printers have all the features of a computer: a hard drive which stores data, a processor to handle the more sophisticated functions, and an internet connection to support seamless integration upon which companies rely to keep their processes optimized. Copiers are computers, but often without the same security measures as their more recognizable counterparts.

2. It Is Easy to Copy Printed Sensitive Information

Modern data security often emphasizes digital data and digital solutions. However, this emphasis opens the doorway to forgotten avenues through which data moves within a business or healthcare organization.

A tremendous amount of healthcare data originates and circulates in hard copy, from patient forms to printed records. An unsecured copier represents an enormous security risk in such an environment by making it easier for sensitive information to fall into the wrong hands – unintentionally or intentionally.

HIPAA reflects this reality, requiring that a company applies physical safeguards to technology which might house, receive, or transmit private health information. That includes who has access to a copier and who can use its functions.

3. Integrated Copiers – Such as Those on MFPs – Make Copiers More Powerful

These days, it’s quite common for offices to leverage the space-saving and productivity-driving capabilities of multifunction printers. These are devices that have multiple office functions bundled into a single unit. There are many strategically advantageous reasons to deploy one or more in the office.

There are also many more opportunities for those photocopies of protected health information to end up in the wrong hands or email. Therefore, HIPAA compliance takes on extra levels of importance in highly integrated environments. One wrong press of a button could result in a costly and damaging data breach.

How to Make Copiers HIPAA Compliant

Take steps to make copiers HIPAA compliant, which adhere to the HIPAA Security Rule. Consider implementing copier security features such as:

Restricting physical and network access. User needs to physically access a copier to use it. By restricting the access it makes it harder to get to the copier is the first line of defense for keeping it secure.

Improving authentication methods. Digital copiers now come with advanced authentication methods, and others may be installed easily. Consider having users create an account with a login password, keycards, or another authentication methods to ensure that only the right people have access to the machine. Also, set up an automatic log-off function as an additional safety step should users forget to log-out.

Configuring the device to not store data. Digital copiers have hard drives which may store images of client files, patient information, legal documents, or other sensitive material. Fortunately, most devices can be configured to not store these sensitive files after the job is finished. A good rule of thumb is to remove the hard drive when disposing of a copier, printer, or MFP.

Using encryption. Data encryption is a best practice when it comes to data security, but is often overlooked with copiers and printers. Use encryption to ensure that personal information which passes through a copier cannot be stolen. In addition, safeguard the data by periodically overwriting the hard drive as well as deleting the copier memory.

Enforcing a policy against abandoned documents. Even in the digital environment, which represents a modern business, physical documents may still pose a security risk. Enforce a policy against abandoned documents in trays or on the copier glass which may disappear unintentionally or on purpose.