Personal data is at a greater risk than ever before. Indeed, in 2020, 58% of all data breaches involved personal data, nearly twice the percentage of the previous year. While breaches have financial ramifications in any industry, they’re most costly for healthcare organizations. For example, the average cost of a data breach in healthcare was $7.13 million last year, compared to an average of $3.86 million across all industries.
Even when a breach doesn’t occur, related costs can add up. All it takes to get into trouble is a single HIPAA violation – and the longer that violation persists, the greater the financial penalty that comes with it.
One of the most common HIPAA violations is the disclosure of protected health information (PHI), which can result in severe penalties. In one instance, Memorial Hermann Health System was fined $2.4 million after the company disclosed a patient’s PHI in a press release. St. Luke’s-Roosevelt Hospital Center shouldered a $387,000 settlement after disclosing a patient’s HIV status to their employer. Clearly, healthcare facilities need to take proactive measures to keep PHI secure.
Recently, we’ve been taking a closer look at how healthcare organizations can meet this challenge amidst the growing use of multi-function devices (MFDs). Securing MFDs keeps healthcare facilities HIPAA-compliant and provides protection against data breaches.
So far, we’ve discussed four steps organizations can take to improve document security across MFDs – establishing user rules and workflows, auditing all network activity, harnessing data encryption and adopting follow-you printing. Now, let’s turn our attention to two more steps in the MFD data security process: automatically tracking PHI activity and implementing secure routing and destination workflows.
Automatically Track PHI Activity
One of the best ways to make sure PHI remains secure is to monitor and audit sensitive information within documents. Content filtering and redaction enable MFDs to identify and potentially remove sensitive information before printing occurs. If necessary, data can be either deleted or added across a selected batch of documents, making it easier and faster to protect information. Documents can also be removed from normal workflows, preventing printing if predefined confidential information is included.
Advanced MFD security enables healthcare organizations to take a more proactive approach to data security. MFDs can issue warnings in the event of a possible security breach, prompting the appropriate personnel to investigate immediately. Documentation of who has accessed or printed information establishes a clear chain of custody. When this is combined with other features such as chain-of-custody watermarking and electronic copies of all printed documents, healthcare facilities have an accurate, real-time view of document ownership.
Comprehensive tracking and monitoring of all documents and the PHI they contain reduces the risk of failed compliance audits, provides a clear trail of who touched a given document and prevents unauthorized access to sensitive information.
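The sketch below is an added example, not code from any MFD vendor or print-management product: it shows the content-filtering step described above applied to text already extracted from a job, either redacting matches or holding the job, and writing a chain-of-custody record either way. The rule patterns, action names, user and device names, and audit field names are all assumptions made for illustration.

```python
import hashlib
import json
import re
from datetime import datetime, timezone

# Hypothetical rule set: (name, pattern, action). "redact" masks the match and
# lets the job continue; "hold" removes the job from the normal workflow.
RULES = [
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "redact"),
    ("mrn", re.compile(r"\bMRN[:#]?\s*\d{6,10}\b", re.I), "redact"),
    ("hiv_status", re.compile(r"\bHIV[\s-]*(?:positive|negative|status)\b", re.I), "hold"),
]

def filter_job(text, user, device, now=None):
    """Return (decision, releasable_text, audit_record) for one job."""
    hits, out, hold = {}, text, False
    for name, pattern, action in RULES:
        count = len(pattern.findall(text))
        if count == 0:
            continue
        hits[name] = count
        if action == "hold":
            hold = True
        else:
            out = pattern.sub(f"[REDACTED:{name}]", out)
    decision = "hold" if hold else ("redact" if hits else "allow")
    audit = {
        "time": (now or datetime.now(timezone.utc)).isoformat(),
        "user": user,
        "device": device,
        # Hash of the original text ties the record to the document without storing it.
        "sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
        "rules": hits,  # rule names and counts only, never the matched values
        "decision": decision,
    }
    return decision, (None if hold else out), audit

# Constructed sample jobs (not real patient data).
SAMPLE_JOBS = [
    ("nurse01", "mfd-3east", "Discharge summary, MRN: 00482917, SSN 123-45-6789."),
    ("pr-staff", "mfd-lobby", "Letter to employer: patient is HIV positive."),
    ("clerk07", "mfd-cafe", "Cafeteria menu for Tuesday."),
]

if __name__ == "__main__":
    for user, device, text in SAMPLE_JOBS:
        decision, released, audit = filter_job(text, user, device)
        print(json.dumps(audit))  # one JSON line per job for the audit log
        print(decision, "->", released)
```

A held job still produces an audit record, so the attempt is visible to whoever reviews the log even though nothing was printed.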
Secure Routing and Destination Workflows
Routing and destination workflows for all data transmitted across MFDs must be standardized and secured in order to reduce the risk of a breach. Centralized print management and scripts make it possible for healthcare organizations to standardize documents across multiple print centers. IT departments can easily control and enforce print, capture and routing controls across all MFDs, improving data security and protecting PHI.
One of the most common workflows in healthcare is scanning files to a network folder. Unfortunately, this seemingly simple task is also the least secure. Healthcare facilities can mitigate risk by using a print secure framework to standardize and integrate network scanning. They can accomplish this by applying optical character recognition (OCR) to all captured documents, by integrating with network fax servers at the API level and by converting files to the HL7 format to support interoperability with Epic, Cerner and other electronic health records (EHRs) and clinical applications.
When healthcare organizations have the technology to actively monitor and control confidential patient information and the way data is transmitted through MFD workflows, staff members can leverage the benefits of multi-function devices without jeopardizing security. Facilities that combine these actions with the ones we detailed in our previous posts on healthcare data security can be confident they have a system in place that empowers employees to work like tomorrow, today – securely.