HIPAA, Healthcare, and Your Copier
Keeping patients’ personal data private and secure from unauthorized users is a key goal of the Health Insurance Portability and Accountability Act (HIPAA), and for good reason. With 477 healthcare industry-related data breach incidents in 2017 putting millions of patients' information at risk, HIPAA compliance and protecting data is important for companies that maintain patient healthcare information.
One potential breach in your HIPAA strategy is office equipment, such as your printers and copiers.
That's why it's critical to include your copier in your security strategy. We've taken a few key points to give you an overview of what HIPAA compliance can mean for your copier. Here's what you should know.
Advanced Technology Means More Risks
Thanks to advanced technology, such as the Internet of Things (IoT)-enabled devices and WiFi, healthcare risks have changed. Internet access, wearables, WiFi and Bluetooth-enabled devices are making it easier for healthcare companies, practices and facilities to access sensitive patient data.
As useful as these tools are in improving patient care, they also provide additional ways for hackers to infiltrate healthcare providers. Data breaches and attacks continue to rise. Ransomware accounted for 72% of hospital data breaches in 2016 alone. I’ll bet the next round of research released will show similar or higher numbers. One key reason for these data breaches is overlooking vulnerabilities, such as ANY network-connected device (like your copiers and printers) and forgoing easy-to-implement preventative measures such as copier hard drive encryption.
Today's copiers are a combination of computer and mechanical devices. This can pose a risk if they aren't HIPAA-compliant. The costs of a mistake are real too. Affinity Health Plan had to pay a settlement of over $1.2 million thanks to HIPAA Privacy and Security Rules violations. The company put its members' personal information at risk because it did not delete their personal data from the memory of the leased copiers’ hard drives before returning the copiers. The company was also fined for not taking steps or establishing policies for protecting electronic Protected Health Information (PHI) as outlined in HIPAA's Privacy and Security Rules.
Complex Compliance Requires More Review
If you haven’t, you should review any of your existing copiers and printers for compliance with HIPAA. Any device that can access and transmit patient data to Electronic Health Records (EHR) should be reviewed for HIPAA compliance, including your copier.
The great thing is you can apply specific tactics to ensure your copiers are HIPAA-compliant, such as encrypting connections to your copiers and clearing your copying machine's memory monthly. This helps safeguard any sensitive information and thwarts the efforts of hackers.
It's also important to leverage copiers and products that detect vulnerabilities, such as a HIPAA security tool like Xerox's HIPAA Secure. These tools help conduct a risk assessment to identify vulnerabilities within the software or hardware of your copier. Also, it's important to go over procedures and policies with your team and provide HIPAA training for technical standards so everyone is aware of what to do.
Keep Your Copier HIPAA-Compliant
Staying HIPAA-compliant doesn't have to be complicated. However, it requires putting a plan in place to keep security and privacy risks at bay. When you include your copier in your data and network security strategy and train your staff, you can stay HIPAA-compliant, reduce security risks, and protect your patients' data.