The Department of Health and Human Services considers printers, copiers, scanners, and fax machines to be equipment that needs to abide by the standards outlined in the Health Insurance Portability and Accountability Act (HIPAA). These devices can expose private health records if not properly secured. However, despite the vulnerabilities that these devices present, they are often overlooked when companies devise their HIPAA security policies.
To see the damage that can result when multifunction devices are not HIPAA compliant, consider what happened with Affinity Health Plan in 2010. The company neglected to erase protected health records from the hard drives of leased copiers before returning the equipment to the leasing company. Due to this oversight, more than 330,000 records were exposed, which cost Affinity $1.2 million in settlement fees with the Department of Health and Human Services.
As you can see, HIPAA compliance for your office equipment needs to be a priority. Here are several steps to take to ensure your printers, copiers, scanners, and fax machines are HIPAA compliant:
- Place devices in a physically secure location. Devices should be placed in an area that is only accessible to authorized users. To further reduce the risk of private records being exposed, enforce pull printing so that documents are not left unattended on the output tray.
- Erase the hard drive. The hard drives on printers, copiers, scanners, and fax machines store a digital image of all processed documents. Therefore, it’s critical that you routinely erase their hard drives to minimize the amount of data stored on the equipment. The hard drive on leased equipment needs to be completely erased before returning it to the leasing company.
- Require user authentication. All devices should be password protected. As a best practice, users should only be given credentials for devices that they are authorized to use. To further strengthen security, use an automatic log-off feature on the device.
- Use data encryption. All of the data that is stored on the device needs to be encrypted using Secure Sockets Layer (SSL) encryption. It's also important to encrypt the data that passes between your network and devices, and to periodically erase the encrypted data on the hard drive and in memory.
To ensure that your printers, copiers, scanners, and fax machines are HIPAA compliant, contact a RYAN representative today.