Have you ever thought about HIPAA copier security and the safety of your patients’ records as you use different pieces of technology around your office?
It might come as a surprise to you, but your office copiers and printers could be a significant HIPAA risk that puts your patients’ private medical records in jeopardy.
As we continue to move to a more digitally-based world, it’s no longer just computers or laptops that have hard drives and the capability to store tons of information—private personal information.
Do you know if your copier or printer is capable of scanning, faxing, and storing documents? If so, that means it probably has a hard drive.
If there’s one thing you should know about copier hard drives, it’s that they store data. If you’re a medical office and the data you’re copying or faxing includes patients’ medical records, you are at risk of violating HIPAA regulations.
We know the importance of patient privacy and safety, and we’re here to give you some great tips on how to not only protect your patients but your medical practice as well.
When it comes to health privacy and HIPAA compliant copiers, it’s always important to be proactive, as opposed to reacting too late once something bad occurs.
Whether you’re leasing a new office copier or using one that’s been around for years, there are always risks associated with the documentation and sharing of medical records and sensitive information.
Learn everything you need to know about HIPAA copier security and the best steps to take to protect the confidentiality of your patients.
HIPAA Compliant Copier and Securing Patient Records
Are you currently partnered with a managed IT services or cloud-based company? If so, it’s very important they know and understand the type of work you do and the security measures to take when it comes to patient records.
A great managed IT services provider takes measures like these seriously and will work with you to make sure you’re comfortable with the access to your office technology.
1. Beware of “HIPAA Compliant” Products and Vendors
Unfortunately, some companies position themselves as providing HIPAA compliant solutions or products when really, they don’t meet the requirements. There’s no such thing as a “HIPAA security all-in-one device.”
However, a company or product can help you comply with HIPAA’s regulations, but you’ve got to work and plan for it. Remember, it’s your obligation to ensure your medical practice is compliant—it’s your data and your systems. Having a third-party provider doesn’t entirely relieve you of this responsibility or liability.
If you’re in the process of looking for a third-party vendor, check to see if they’ve passed a HIPAA audit. Have them explain the steps they take to protect their own customers.
It’s also important you check that your IT infrastructure and networks are strong enough to prevent a data breach. A ransomware attack on any of your networked devices could leave your medical practice in lousy shape.
2. Basic Password Protection
When it comes to HIPAA compliant copiers, one commonly overlooked source of a data breach is basic password protection.
When an employee leaves your practice, be sure to change their passwords and delete all access immediately, and remove any access they might have to your network from their smartphones.
It’s also important to limit the access that employees who currently work at your practice have to patient records.
On some printers and copiers, you can use authentication prompts such as passwords specific to an employee, employee ID swipe cards, and biometrics.
Employee authentication trackers help follow which employee is requesting certain records, when and where they’re storing and saving the records, and the frequency they’re doing so.
3. Password Strategy
Not only is basic password protection important for HIPAA copier security, but so is the password strategy that comes with it.
Set rules for all your employees that describe the steps they need to take to keep all network access safe and secure. Follow the guidelines below:
All passwords must be changed at least once every 90 days
All passwords must have a unique combination of letters, numbers, and symbols
All passwords should be at least 8 characters in length
All passwords must be different than previously used passwords
Don’t allow passwords to contain the user’s user ID
Designate one employee who has privileges and access to all employee usernames and passwords
HIPAA Journal published an article that goes into detail on password protection and strategy you might find interesting: The HIPAA Password Requirements and the Best Way to Comply With Them.
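The checkable rules from the list above, written as a validator; this is an added example, not code from AIS or from any copier vendor. The function names, the `jdoe` account, and the sample passwords are constructed for illustration, and storing password history as salted PBKDF2 hashes is an assumption of the example.

```python
import hashlib
import hmac
import os
import re
from datetime import date, timedelta

MAX_AGE = timedelta(days=90)  # rule: change at least once every 90 days
MIN_LENGTH = 8                # rule: at least 8 characters

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, so the history never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_new_password(user_id: str, password: str, history: list) -> list:
    """Return the violated rules; history is a list of (salt, hash) pairs."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)
            and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("needs letters, numbers, and symbols")
    if user_id and user_id.lower() in password.lower():
        problems.append("contains the user ID")
    for salt, old_hash in history:
        # Constant-time comparison against each previously used password.
        if hmac.compare_digest(hash_password(password, salt), old_hash):
            problems.append("matches a previously used password")
            break
    return problems

def is_expired(last_changed: date, today: date) -> bool:
    """True once the password is more than 90 days old."""
    return today - last_changed > MAX_AGE

def demo() -> dict:
    # Constructed sample account and passwords (not real credentials).
    salt = os.urandom(16)
    history = [(salt, hash_password("Spring#2023x", salt))]
    return {
        "reused": check_new_password("jdoe", "Spring#2023x", history),
        "weak": check_new_password("jdoe", "jdoe1234", history),
        "ok": check_new_password("jdoe", "c0pier-Room!7", history),
        "expired": is_expired(date(2024, 1, 1), date(2024, 4, 1)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```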
4. Data Location
If you’re already using a cloud provider to store some or all of your patient information, it might do you some good to talk with them about where your data is co-located.
Co-locating and encryption can get a little tricky to explain, but the way in which a third party is storing your data has a lot to do with HIPAA compliance requirements.
If you feel that it’s causing you more trouble to move patient information and data to the cloud as opposed to keeping it in-house, don’t do it! Keep your data on-site and be sure you comply with the proper regulations.
You can always go back later and focus on specific data that CAN be moved to the cloud and look for efficiencies and savings there.
To learn more about the cloud relating to HIPAA compliance policies, read our article, Can You Be HIPAA Compliant in the Cloud? Yes, Here’s How.
5. Secure Print Release
A secured print release system (or pull printing) offers another great form of data security, especially if restricting physical access to shared devices is impossible.
Using a secured print release option allows you to set up your printers to only print documents when someone enters their individual access code or swipes a security badge/fob.
This extra HIPAA compliant copier feature not only helps prevent non-authorized staff members from accessing patient records but also allows monitoring and auditing when authorized employees do have to access these records. This way, managers can address suspicious activities right away.
Secure print release also saves time at your office. If several employees are trying to use a conventional printer at the same time, some of them will lose precious minutes as they wait. Plus, simultaneous printing attempts can lead to paper jams.
Read more on secure print release and pull printing in Keep Documents From Prying Eyes With Pull Printing.
As you know, the safety and privacy of your patients’ records is the most critical part of keeping your medical practice up and running. It’s essential to fully understand all HIPAA regulations and how your office technology should comply with those guidelines.
AIS is proud to be your resource of all things office technology. Our goal is to always provide our current and prospective customers with the knowledge and resources to help businesses exceed their goals. We’re always learning new and improved ways for you to integrate your office document solutions as you need them.