Updated June 3, 2024
If you work in the healthcare industry, you are already very familiar with HIPAA, the Health Insurance Portability and Accountability Act. HIPAA requires the secure and confidential handling of protected health information (PHI). The Department of Health and Human Services requires all print technology to be secured and maintained according to the standards outlined in HIPAA. Print technology is defined as printers, copiers, multifunction printers, fax machines, and all other devices with similar functions.
HIPAA compliance covers everything from medical records, billing information, and treatment plans to any other personal health information. It's not just about what's printed but also how it's handled before, during, and after printing. This means ensuring secure handling of printed materials, proper disposal of unneeded documents, and even securing the printers themselves against unauthorized access.
Office and printing technology has remained one of the weakest links in healthcare organizations' HIPAA compliance. Here are seven recommendations for improving the security of your printing technology and establishing HIPAA-compliant printing practices.
The location of your printers should be your first consideration. Your devices should be in locations that are only accessible to employees who are authorized to see the PHI. Printers should not be in walkways or other areas accessible to the public.
Instead of just printing directly and letting the material sit on the printer until someone is ready to get it, a secure print release feature places the document on hold until the person who has requested it authenticates and releases it to the printer. This feature helps with HIPAA privacy compliance by protecting confidential information on healthcare documents from inadvertently being seen by others.
You might also think of it as pushing or pulling, but software is available that allows for the tracking of print jobs across your healthcare environment. With find-me printing, users print to one print queue, walk to the nearest printer that’s convenient for them, swipe their card, and their print job will find them to print where they’re currently located. This is another option to eliminate documents with PHI sitting on printers for others to see.
Fax remains an integral part of the healthcare industry. With traditional paper faxing, a document containing PHI may sit on a tray because it arrives without notice. This information is then accessible to those who are not authorized to view it, violating HIPAA practices. Electronic fax can keep you HIPAA compliant by eliminating paper and instead allowing you to receive faxes digitally to a database or email distribution. This limits information access to those who are authorized to see it.
Most large healthcare systems have migrated to an electronic records management system. Having a secure document management system that limits information access only to those who need it is critical for HIPAA compliance. But what about the storage areas still filled with paper-based patient records? Through bulk document scanning, you can create electronic records and incorporate them into an electronic records management system with protected access. Completing these large-scale document scanning projects improves the security of PHI.
All printers send information across your network. It is important to make sure all printing devices comply with your network security policies. This is accomplished through printer hardening, which closes any ports that are not needed, and through proper end-to-end data encryption, which protects against someone from the outside gaining access to your hospital’s information and your patients’ information.
Most multifunctional printers have hard drives that store images of the documents printed and scanned. It is important to ensure that those hard drives are properly encrypted and that, if a multifunction printer is removed, the hard drives are either wiped clean or removed and destroyed before the printer leaves your facility.
Does it feel like your office technology is the most vulnerable area of HIPAA compliance? Implementing HIPAA compliant printing practices is essential for maintaining patient trust and avoiding costly fines for non-compliance.
The team at EO Johnson has over 65 years of experience helping companies with their office technology, including healthcare organizations. We are also SOC 2 Type 2 audited, ensuring our internal controls for security, confidentiality, processing, integrity, privacy, and the availability of customer data. In partnering with EO Johnson, you are working with a managed print provider who values information security as much as you do. Let us know how we can help.
This information is provided by E.O. Johnson Business Technologies for informational purposes only. All information is provided in good faith, and we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information included. Before acting on the basis of any information or material contained herein, you should review the regulations and evaluate the appropriateness of these recommendations. If you need legal advice, please consult an attorney.