Paper carries potential risk. Almost everything a healthcare organization prints contains valuable protected health information (PHI) such as social security numbers, birthdates, insurance coverage identification and payment information. If not carefully protected, printouts can be picked up off a printer tray for internal fraud or exfiltrated from the printer's hard drive by hackers. Even accidental PHI exposure can put integrated delivery networks at risk for Health Insurance Portability and Accountability Act (HIPAA) violations. To improve efficiency while protecting sensitive information, healthcare providers must consider their entire print process carefully.
When it comes to cybersecurity, IT departments spend most of their time worrying about outside attacks. However, the reality is that the most egregious data breaches emanate from within. That’s why the first step for print security is to secure the printer.
Enterprise-class printers like the ones used by single- and multi-office healthcare providers as well as hospitals and health systems are as exposed to access as any other endpoint on your network. Secure the printer just as you would a workstation. Security precautions include:
Pull printing only releases a document after the user authenticates at the printer using a PIN number, badge or biometric identification. This prevents sensitive documents from sitting exposed or forgotten on the printer tray.
Controlling access through authentication keeps unauthorized users at bay and also makes it simple to restrict device features, such as scanning, printing in color, or email to certain users or groups. This solution helps ensure documents are sent to the correct printer while scans are sent to the user's email or network folder, keeping documents and scans from going to the wrong printer or person.
Healthcare organizations receive a significant amount of payment and patient information via fax. Configure the device to password protect incoming faxes so only the appropriate person can access it.
Sophisticated EDRM technology can protect confidential PHI at the file level. It gives document owners the ability to prevent copying, modifying, printing and even granting or revoking access at anytime and anywhere.
In the case of an audit, it will be crucial to be able to prove compliance or trace unauthorized use. Use a centralized auditing tool to manage access and to control, set, and update policies; to oversee users and activity; and to run audit reports on usage. This will ensure audit logs for every successful and unsuccessful document access request are recorded.