Is your medical practice in need of HIPAA compliant security for your office printers? Some technology services providers advertise their products are HIPAA compliant when really, they aren’t.
As you probably already know, HIPAA isn’t defined by technology, but by the policies and procedures that secure a patient’s Protected Health Information (PHI). If you want to know the HIPAA compliance laws, check out this page at the HIPAA Journal.
For your office technology devices to comply with HIPAA, you must ensure PHI confidentiality. Meaning, any and all patient information is only available to authorized users who have the authority to view, change, print, or send any patient records.
So, how do you know that your office printer is HIPAA compliant? How can you ensure your employee’s records and information are kept safe and secure?
Lucky for you, we’ve got some great advice to give when it comes to HIPPA compliance security and the technology devices your office uses.
One of the biggest weaknesses we continue to see when working with healthcare organizations is the lack of attention and knowledge to the role that printing technology plays in HIPAA compliance.
The confidentiality of health information of all your patients is vital, and you might be putting them at risk without even knowing. Take some time and read the best ways to protect their personal health records and your practice.
Remember, by law, it’s your responsibility to keep your patient's information safe, and they trust you to do so. If there were to ever be a security breach of your patient’s records, the responsibility falls directly on you and your staff.
HIPAA Compliant Security: Keeping Patients Safe When Using Office Print Technology
Many practices are unaware that office printing technology is frequently the weakest link in an organization’s HIPAA compliance efforts.
Consider some of these ways that’ll ensure your medical practice is protecting the privacy of all patients.
Restrict or Give Employees Minimal Access
Would you feel comfortable if people knew all your passwords and logins to your online banking portal? Probably not.
Your patients don’t want everyone to have access to their personal health records. By law, only authorized staff should have permissions to devices that access PHI.
When possible, secure as many of these technology devices into a single locked room that only authorized staff can access.
Add More Authentication to Employee Access
More is always better, right? An extra layer of security measures ensures that only authorized staff can use specific devices that store patient information. Just make sure you educate the staff on why you are doing it so they understand the importance HIPAA and PHI.
This helps prevent non-authorized staff members from accessing patient records, but also allows monitoring and auditing when authorized employees do have to access these records.
On some printers and copiers, you can use authentication prompts such as passwords specific to an employee, employee ID swipe cards, and biometrics.
Employee authentication trackers help follow which employee is requesting certain records, when and where they’re storing and saving the records, and the frequency they’re doing so.
To learn more about password and authentication security for your employees, read our article, How to Create a HIPAA Compliant Password Strategy.
Always Account For All Documents
If you or your office staff copies, prints, scans, or faxes any medical records from any patient, make sure they remain at the device until completion.
It’s unsafe to leave any patient information laying on a printer, copier, or scanner, as it could wind up in the wrong hands.
Erase Data Before Your Lease Ends / You Purchase a New Copier
Whether you’re leasing an office copier or it’s time to purchase a new one, it’s always important to remember to erase any and all patient data in-house, before that device leaves your office.
There’s a lot of data stored on your technology devices, data you might not even know is being saved. If you feel that you’re having trouble clearing this data from the memory of your device, place a call to your copier services provider.
There’s something called “digital shredding” which is shredding all electronic files stored on your devices. Once you digitally shred the hard drive of a machine, that information is permanently gone and not available for any other user to see or access in the future.
If the company you are returning your device to says they’ll do the digital shredding for you, don’t take them up on it. You want peace of mind knowing those files and information were protected and erased on your behalf.
Disable Certain Copying Features
Make sure all methods of copying or removing information from a device and transferring it to a memory device is disabled. This includes disabling any type of CD drive or USB ports.
It’s also a good idea to educate your staff on who they are authorized to email sensitive data and information to. It’s always best to double check that the recipient of any duplicated information is the appropriate person.
Create a HIPAA Compliance Strategy
Do you have a HIPAA compliance strategy in place? How often do you reference it? When was the last time it was updated?
Any and all equipment that deals with patient health information that utilizes any technology device needs to be included in your HIPAA processes and compliance strategy plans.
If you’re unfamiliar with a HIPAA compliance strategy, read about IT road mapping and how we can help get your company planning for the future, Virtual CIOs and Successful IT Roadmaps.
HIPAA Security Apps
Did you know that certain kinds of copiers and multifunction printers have applications you can install that are specifically made for HIPAA compliance and security standards?
Xerox has embedded certain apps in their printers and copiers to help support your business goals, such as XMedius SendSecure and Fax, which you can find in their App Gallery.
XMedius (a HIPAA compliant app) is a global leader in the field of secure file exchange for businesses. This on-site and cloud-based software solutions enable companies to exchange sensitive and confidential data in a safe manner.
This app is excellent for those of you who are in the healthcare (or related) field that has to comply with HIPAA and patient record security. Your patient’s records are kept completely private and confidential.
To learn more about XMedius and how this app can easily be used on your Xerox device, click here.
AIS continues to look for ways to help your business reach its goals. Whether your company is large or small, we want to make sure you're doing everything for your employees and your customers, especially when it comes to the safety and security of their records and personal information.
To learn more about HIPAA required security for your office devices or any other services we specialize in, reach out to one of our business technology consultants, here. We’re here to give you peace of mind to help you win more business.