For healthcare, 2020 was a tough year – and not only because of the pandemic. It was also a record-breaking year for large healthcare data breaches – the highest number on record since tracking began in 2009.
This is just one of several unsettling statistics in HIPAA Journal’s 2020 Healthcare Data Breach Report. Overall, healthcare data breaches increased by 25% year-over-year, with 76 breaches involving 500 or more healthcare records reported each day in 2020.
Unauthorized access and disclosure incidents accounted for 22.27% of the breaches in 2020. The types of incidents that fall into this category include accidental disclosures of protected health information (PHI) to unauthorized persons, human error and even good old-fashioned nosiness by staff members.
Insecure printers, copiers, fax machines and scanners are a common avenue for breaches. These devices make it all too easy for information to get into the wrong hands or for a simple mistake to occur.
In our previous post on healthcare data security, we looked at two ways healthcare organizations can improve the security of multi-function devices (MFDs) – establishing user rules and workflows and auditing all network activity across MFDs. Rules and workflows enable you to control who is authorized to use certain devices for printing, scanning, copying and faxing and which features and functionality a given user can access. An audit captures detailed tracking information that is invaluable should a breach occur.
However, securing the patient PHI across all MFDs doesn’t end there. Data encryption and a secure print release workflow keep the data transmitted by MFDs secure, ensures confidential information is only seen by authorized users and improves compliance. As an added bonus, healthcare organizations can also reduce the costs associated with printing documents. Let’s take a closer look at these two important MFD data security features.
Encrypt All Data Transferred Between Devices
One of the main security risks with MFDs lies in communication with other network systems. When a healthcare employee uses an MFD to print, copy, fax, scan or email a document, the device has to communicate with other devices, servers and third-party applications such as electronic health records, line of business applications and enterprise resource planning systems. While this functionality makes patient data available in other systems and improves the quality of care, it also opens the door for security vulnerabilities.
The chance of simple human error increases as patient data gets moved from one system to another via multiple touchpoints. Oftentimes, healthcare workers are trying to move quickly, increasing the likelihood of sending documents containing PHI using non-compliant mobile devices. Additionally, healthcare organizations cannot ignore the fact that there may be a staff member who tries to access sensitive data for malicious purposes. Encryption enables healthcare organizations to make sure documents are only visible to authorized users.
Encryption of your file store for files that have printed or are waiting to be printed protect data at rest. Data must also be encrypted in transit, as it moves from the MFD to another device, network or application. The combination of encryption at rest and in transit keeps documents secure throughout the entire patient care lifecycle.
Ensure Data Stays In the Right Hands
Whether working in a hospital, testing center or other healthcare facility, a large percentage of staff are working on mobile devices. Mobile usage increases the speed of care, but it also makes it easier for an unauthorized user to access PHI. A secure print release workflow supports the mobile workforce while maintaining document security through authentication.
Some of the key features to look for in a secure print release workflow include micro-card readers and mobile authentication. Staff members can choose to send documents to the nearest printer so sensitive data isn’t left sitting in the print tray for long periods of time. Secure release makes sure sensitive documents aren’t printed unless the authorized user is there to retrieve it.
A single, intelligent print-queue for every employee and every printer makes it possible for staff to pick up a job at any printer – and it can all be done on-demand. Healthcare facilities gain a clear picture of the document chain of custody, which is essential for proving compliance with HIPAA regulations.
In addition to security advantages, a secure print release workflow also eliminates the waste often associated with printing. For example, staff often don’t know which printer they should use or if a given MFD is offline or unavailable. The end of unclaimed documents and inefficient print workflows reduces printing costs, delivering savings on both wasted paper and IT resources.
MFDs play a primary role in improving the speed and quality of care that healthcare professionals can provide—but organizations have to be careful to avoid the security vulnerabilities that accompany increased reliance on these devices. Data encryption and secure print release add the necessary safeguards to keep sensitive data safe and accessible only to designated individuals.
In our next post in this series, we’ll look at two additional actions healthcare organizations can take to secure MFDs— monitoring and controlling PHI activity and secure routing workflows.
