Can My Copier Make Our Office HIPAA Compliant?

Maintaining a HIPAA compliant office is both the law and necessary to keep your practice operating — but it can be difficult to navigate and observe the rules set by HIPAA while also updating your office technology, like your copiers, printers, scanners, and all of the software solutions that go along with them.

I represent a company that has worked with medical offices for over thirty years, and managing the expectations of HIPAA while ensuring technology is useful leads to a question I’ve heard quite a few times: “Can my copier make our office HIPAA compliant?”

The short answer is “no.” But, also “yes.” 

HIPAA AND YOUR COPIER

If you work in the medical field, you’re aware that HIPAA applies to any health care provider who transmits health information in electronic form. Because of this, the Department of Health and Human Services requires that all medical practices maintain full HIPAA security standards for copiers and printers.

This regulation is why you’ll want to include your copiers (both networked and non-networked) in your compliance strategy. Remember, however, there’s no “HIPAA certified” copier on the market today.

So, if a copier by itself can’t be HIPAA compliant by default, how do you make sure you follow compliance when using your practice’s copier?

SETTING LIMITS

The first and easiest step you can take to ensure your copier is HIPAA compliant is to limit the personnel allowed to transmit data from your multi-function device copier. Consider restricting access to all of your networked machines by placing them within a secure, dedicated room.

If your practice doesn’t afford the office space needed for such a solution, look into secure printing options made available through output management software like PaperCut or uniFLOW Online.

Software solutions such as these can be used to set global permissions and to track individual prints (and who’s printing them). There are even two methods that require someone to be physically present at the copier when the print comes out: either through physical options like an ID or fingerprint scanner, or by requiring users to put in a code, or even using their phone to verify they are in proximity of the printer. These methods are referred to as proximity printing.

To lessen the risk of sending sensitive, patient-identifying information to non-authorized personnel, make sure to limit the ability to email documents outside of your organization (or even your network).

DIGITAL SECURITY

Copiers may work with physical media, but that data is digitized and lives on your network, which is, perhaps surprisingly, the most secure place to store patient information. For this reason, and for ease and quick reference, many practices are digitizing their physical processes.

There are additional layers of user authentication and security you can add to your daily operations (either digital or physical) to reduce the risk of a HIPAA violation.

For starters, consider replacing your stand-alone fax machine with a system that allows users to send and receive faxes directly from their desktops. These systems use audit trails for all incoming and outgoing transmissions, and allow you to save copies of your communications — meaning no more lost faxes.

Another effective tool for increasing your security to meet HIPAA standards is to add authentication to all of the copiers in your office. Authentication requires each user to log in using a password, bio-authentication (like a fingerprint), or an RFID card, which allows for auditing of each of your employees’ copy, print, and scan usage.

Use the Private Print setting on your networked devices.  This setting allows print jobs to only be released when you are physically at the copier and keeps documents off the output tray where they can be easily accessed by anyone. 

Encrypt data on all devices that have either standard or optional hard drives. Generally, data written to hard disk drives is not completely erased when the memory is deleted. Data recovery software can recover that deleted data. HDD encryption is vital to keeping your information secure. Check to see if your MFP comes standard with this extra layer of security or if you can add the optional HDD encryption kit based on manufacturer specifications.

USB ports should be disabled on your devices. While USB drives are great when it comes to printing and scanning, they pose a threat by allowing scanned documents to leave your facility. USB ports can also be used as an access point for viruses.

UPDATE AND MANAGE YOUR COPIERS

Update your firmware regularly. Copiers run on an embedded operating system, which can make them targets of the same malware threats as any other computer in your office. Firmware should be routinely updated by your technician, but it is a good practice to confirm that your machine is running the latest version. If your copier is nearing obsolescence, it may no longer be supported by the manufacturer — leaving you vulnerable to a breach.

Lastly, when it is time to return your copier to the leasing company, require written proof from your provider that the hard drive has been reformatted and all data has been wiped. If you own your machine, remove the hard drive and have it destroyed by a certified destruction company.

A COPIER CANNOT MAKE YOU HIPAA COMPLIANT, BUT IT CAN HELP

If you manage how your multi-function printer is operated and utilize a high level of security when handling patient-identifying information, you are most likely HIPAA compliant already. If you have questions about how to implement any of the tips listed above, reach out to your representative.

There are always new security services and capabilities on the market — just as there are new security threats. Even if you know your medical office is HIPAA compliant, it is a good idea to reach out to your representative and ask if there is anything else your business could do to ensure HIPAA compliance.

 
 