9 Tips to Ensure Your Copiers Are HIPAA Compliant

1. Copier Hard Drive Security

I’ve written specifically about multifunction copier hard drive security already. Click here to read "Are Your Digital Copiers Putting Your Practice at Risk for HIPAA Non-Compliance?" For at least one company, the answer to that question was yes. Affinity Health Plan did not erase the information on a leased copier’s drive. CBS Evening News bought the copier as part of a story about copier hard drive security and discovered confidential patient information on the drive. Affinity ultimately paid $1,215,780 for the breach.

2. Include Them in Your HIPAA-Compliance Strategy

Every healthcare provider, regardless of size, needs to be compliant. The first step is to make sure you don’t ignore your copiers in compliance planning. That goes for any networked device with a hard drive that touches patient information.

3. Restrict Access

While not always feasible, physically restricting copiers and printers to a dedicated room is one way to ensure only authenticated users can reach the machines. At a minimum, restrict access so that only your staff can use the devices.

4. Authentication

Require user credentials at the device – password, swipe card, or even biometrics. Set up audit trails so you can verify that only authorized users are accessing devices. Set up an automatic log-off function as an additional safety step, because users do forget to log out.
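An audit trail is only useful if someone reviews it. The following is an added example, not code from the original post, showing one way to review a copier audit trail for two things tip 4 cares about: activity by users who are not on the authorized roster, and sessions that were never logged out (which is what automatic log-off is meant to prevent). The log format, device names and user IDs are constructed for the example; real copiers export audit data in vendor-specific formats that you would need to adapt the parser to.

```python
import re

# Constructed sample audit trail for illustration only; the format is assumed,
# not taken from any real copier model.
SAMPLE_LOG = """\
2023-04-03T08:02:11 dev=copier-2 event=login user=jsmith method=card
2023-04-03T08:05:40 dev=copier-2 event=scan user=jsmith pages=4
2023-04-03T08:06:02 dev=copier-2 event=logout user=jsmith
2023-04-03T09:14:19 dev=copier-2 event=login user=temp01 method=pin
2023-04-03T09:15:33 dev=copier-2 event=print user=temp01 pages=12
2023-04-03T12:41:07 dev=copier-1 event=login user=rlee method=card
2023-04-03T12:42:50 dev=copier-1 event=copy user=rlee pages=2
"""

# Roster of staff who are allowed to use the devices (constructed).
AUTHORIZED = {"jsmith", "rlee"}

LINE_RE = re.compile(r"^(\S+) dev=(\S+) event=(\S+) user=(\S+)")


def review_audit_trail(log_text, authorized):
    """Return (unauthorized, unclosed).

    unauthorized: (timestamp, device, user, event) for every event by a user
                  not in the authorized roster.
    unclosed:     (device, user, login_timestamp) for every login that has no
                  matching logout by the end of the log.
    """
    unauthorized = []
    open_sessions = {}  # (device, user) -> timestamp of the still-open login
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        ts, dev, event, user = m.groups()
        if user not in authorized:
            unauthorized.append((ts, dev, user, event))
        if event == "login":
            open_sessions[(dev, user)] = ts
        elif event == "logout":
            open_sessions.pop((dev, user), None)
    unclosed = [(dev, user, ts) for (dev, user), ts in open_sessions.items()]
    return unauthorized, unclosed


if __name__ == "__main__":
    unauth, left_open = review_audit_trail(SAMPLE_LOG, AUTHORIZED)
    for ts, dev, user, event in unauth:
        print(f"UNAUTHORIZED {ts} {dev} user={user} event={event}")
    for dev, user, ts in left_open:
        print(f"NO LOGOUT    {dev} user={user} logged in at {ts}")
```

On the sample log this flags both events by the unrosted user temp01 and two sessions that were never closed, one of them by an authorized user who simply walked away.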

5. No Ports in a Storm

Disable the USB ports on your copiers to prevent PHI from being downloaded to an unprotected USB stick.

6. Erase Onsite

At the end of your copier’s lease, or if you resell your copier, have your service partner erase and/or digitally shred the hard drive, or do it yourself.

7. Leave No Document Behind

When printing, scanning, faxing, and/or copying PHI, all staff should remain at the device until the job is finished – don’t leave documents unattended on the devices.

8. Data Encryption

Enable data encryption on equipment that has a disk drive. The details will vary by manufacturer; for instance, Xerox products use an AES 128-bit encryption algorithm.

9. Loose Lips Sink Ships

This tip isn’t related to copiers at all, but I know I’ve overheard nurses and doctor’s office staff discuss patients. Be careful of where you discuss PHI; at a minimum, don’t do it in front of other patients. Be careful of hallway and waiting room conversations.