I am finding that in many practices, the copier seems to get overlooked. Is your copier HIPAA compliant? What does having your copier HIPAA compliant mean? I’m not sure if there is a clear definition that would be different from any other piece of hardware that contains ePHI. Bottom line is you need to lock down your copier.
Why Lock Down the Copier?
- Your copier is a distribution machine of documents
- It is a shared data resource
- It contains ePHI and other sensitive information
- Sometimes they are placed in a non-secure area
- Hackers are looking to extract ePHI from ALL targets
What To Look For in Your Vendor
- Do they offer hard drive encryption?
- Is there any password protection?
- Can it automatically delete temporary image data?
- Can you enable SSL?
- Can you enable user account auto logoff?
Most of the larger copiers will have secure features. You just have to know they are there, and activate them. You should have a solid policy in place to enable all of the security features, and train your users. You will also need to have a plan in place for when your lease is up. You need to know how to handle the hard drive. Just because you have the ability to secure your copier doesn’t necessarily mean you have secured it. Talk to your vendor and make sure you are doing your part to keep ePHI safe.
Is your copier HIPAA compliant?
If you are not sure if your copier is HIPAA compliant, contact your copier dealer for more information.