How to protect sophisticated printers from breaches
When healthcare organizations formulate their cybersecurity initiatives, they traditionally focus on protecting protected health information (PHI) by securing computer networks and perimeters. However, devices like printers and scanners carry overlooked risks and are too often an afterthought when it comes to HIPAA compliance.
Today’s multifunction peripherals (MFPs)—devices with the ability to print, scan, copy and fax—are connected to the healthcare facility’s network and electronic health records (EHR) systems, and are thus vulnerable to threats originating on internal networks and desktops.
For example, consider the application that enables users to email documents to the MFP for printing, or the application that enables users to scan documents and then immediately email them. Both rely on an MFP network connection.
In its report, “Copier Data Security—A Guide for Businesses,” the Federal Trade Commission puts it in clear terms. “Digital copiers are computers,” complete with hard drives, embedded firmware and the ability to communicate with other network systems. Without the proper security measures in place, MFPs present a significant risk for both patients and healthcare providers.
Even though the organizations have been incentivized by meaningful use to transition PHI to EHRs, a large portion of patients’ PHI still remains on documents like admission paperwork, consent forms, authorization forms, medical history files, referrals and prescriptions. Moreover, even PHI stored securely on EHR systems is put at risk when converted to physical printed documents.
Paper output is especially difficult to track and control. Documents full of sensitive patient information can be left on printer trays, not to mention they’ll “live” forever in desk drawers and filing cabinets. The Department of Health and Human Services’ Office of Civil Rights addressed this in its most recent rules regarding patient privacy protections, where it mentioned copiers 15 times as falling into a class of workstations that must be better equipped to control and protect PHI.
MFPs must be a focal point for securing paper-based patient information and ensuring a higher level of HIPAA compliance. Trying to get a handle on paper can seem like an enormous task, yet there are relatively simple procedural safeguards healthcare organizations can integrate into their workflows to ensure PHI is protected.
Requiring healthcare providers and staff to authenticate their identity at the printer eliminates the risk of documents falling into the wrong hands. Anonymous MFP use is unsecure and invites accidental data breaches when users unknowingly intercept documents not printed by them.
To avoid exposing documents with PHI when printed, users authenticate at the device before documents are released. The device only prints documents that are approved for release to the authenticated user, and the print job cannot be stored on the device prior to printing. Authentication also enables auditing, reporting and tracking of user activity, which enables organizations to keep better records of their print outputs.
Restricted permissions limit MFP access to authenticated users and only allow them to perform previously approved tasks. This is crucial from a central security management perspective by enabling the MFP to restrict document printing and scanning based on group membership or credentials.
This means that healthcare organizations can pre-approve who has access to certain documents, which eliminates the chance of having individuals open and print files with sensitive information.
Destination control can put boundaries around where files can go—for example, to which fax numbers, email domains, network folders and case management systems. For example, a healthcare system may allow documents scanned on the MFP to only be sent to email addresses with approved domains.
In the example of faxing, lack of control can mean sensitive PHI traveling over unsecured lines, so organizations should consider eliminating direct analog faxing by adopting a centralized fax server, or setting up “white lists” for commonly used fax addresses.
Ensure all information is encrypted when sent from a device to a target location such as a fax, email or network server, or document or content management system. Modern MFPs often contain hard drives that are used to cache scanned document images and printed documents. All non-volatile memory media used to cache data on the device should employ a method of data erasure to ensure sensitive data is never stored on the MFP.
Healthcare organizations can track and log detailed information about every output that takes place within their system. Auditing enables the MFP to store tracking information in a data¬base. In the event of a data breach, this capability will enable organizations to easily track which device was the source of the breach, who the authenticated user was, and where the data was sent.
When it comes to obtaining a higher level of HIPAA compliance, physical paper cannot be deprioritized. Healthcare facilities may feel overwhelmed trying to get paper under control, especially given its immunity to deletion protocols and its natural ability to “live forever.” But simple steps such as those outlined above can help shore up processes through implementation at the MFP level. When combined with greater network security protections in an overall strategy to secure PHI, healthcare organizations can achieve a more holistic approach to protecting their patients and providers.