1. Copier Hard Drive Security
I’ve written specifically about multifunction copier hard drive security already in Are Your Digital Copiers Putting Your Practice at Risk for HIPAA Non-Compliance? For at least one company, the answer to that question was yes. Affinity Health Plan did not erase the information on a leased copier’s drive. CBS Evening News bought the copier as part of a story about copier hard drive security and discovered confidential patient information on the drive. Affinity ultimately paid $1,215,780 for the breach.
2. Include Them in Your HIPAA-Compliance Strategy
Every healthcare provider, regardless of size, needs to be compliant. The first step is to make sure you don’t ignore your copiers in compliance planning. That goes for any networked device with a hard drive that touches patient information.
3. Restrict Access
While not always feasible, physically restricting copiers and printers to a dedicated room is one way to ensure only authenticated users have access to the machines. At a minimum, restrict access so that only your staff can reach the devices.
Require user credentials at the device – password, swipe card, or even biometrics. Set up audit trails so you can verify that only authorized users are accessing devices. Set up an automatic log-off function as an additional safety step, because users do forget to log out.
5. No Ports in a Storm
Disable the USB ports on your copiers to prevent PHI from being downloaded to an unprotected USB stick.
6. Erase Onsite
At the end of your copier’s lease, or if you resell your copier, have your service partner erase and/or digitally shred the hard drive, or do it yourself.
7. Leave No Document Behind
When printing, scanning, faxing, and/or copying PHI, all staff should remain at the device until the job is finished – don’t leave documents unattended on the devices.
8. Data Encryption
Enable data encryption on equipment that has a disk drive. The details will vary by manufacturer; for instance, Xerox products use an AES 128-bit encryption algorithm.
9. Loose Lips Sink Ships
This tip isn’t related to copiers at all, but I know I’ve overheard nurses and doctor’s office staff discuss patients. Be careful where you discuss PHI; at a minimum, don’t do it in front of other patients. Be careful of hallway and waiting room conversations.