Are you aware that the Department of Health and Human Services requires printers, copiers, scanners, and fax machines to be secured and maintained according to the guidelines of the Health Insurance Portability and Accountability Act (HIPAA)? Many organizations don’t realize the vulnerabilities that these devices pose and therefore neglect to include them when creating their HIPAA security policies.

Affinity Health Plan is an example of an organization that did not secure its copiers according to HIPAA standards and suffered as a result. Affinity failed to erase the protected health information stored on the hard drives of leased copiers before returning the equipment to the leasing company. As a result of this negligence, more than 33,000 records were exposed, and Affinity was responsible for paying $1.2 million in settlement fees to the Department of Health and Human Services.

To prevent your organization from experiencing a similar situation, here are several steps to ensure your devices are HIPAA compliant:

  1. Place your devices in a secure physical location. Printers, copiers, scanners, and fax machines should be placed in a secure location where only staff members with authorized access are able to use them. Utilizing pull printing practices will prevent sensitive records from being left unattended in the output tray.
  2. Routinely erase the hard drive. Multifunction printers and other devices contain hard drives that store data that has been printed, copied, scanned, and faxed. To prevent this data from getting into the wrong hands, the hard drive needs to be routinely erased. If you are leasing your device, ensure that you erase the hard drive before returning it to the leasing company.
  3. Require user authentication. Keep workstations password protected, and give employees user credentials only for the devices they are authorized to use. For additional security, all devices should log the user off automatically once the job has been completed.
  4. Encrypt data using Secure Sockets Layer (SSL) encryption. All data stored on printers, copiers, scanners, and fax machines needs to be encrypted using SSL encryption. In addition, the data transmitted to and from the network also needs to be encrypted. As a best practice, periodically overwrite the hard drive to minimize the risk of someone gaining unauthorized access to data.

Please contact us and let us show you how we can help secure your office devices to ensure HIPAA compliance.
