The use of electronic health records has significantly improved the level of service patients receive today. At the same time, however, data breaches are also becoming commonplace. This isn't surprising – today's patient lifecycle has more touchpoints than ever before. Additionally, networked multi-function devices (MFD) such as copiers and printers are now mainstream in healthcare.
Each time a document or form is copied, scanned, printed, faxed or emailed- on either an analogue fax machine, digital MFD or mobile device-protected health information of patients can be accidentally exposed or intentionally compromised. Paper output can be particularly difficult to track and control and isn't eliminated by electronic processes. A significant proportion of healthcare information breaches are routinely caused by privilege misuse or inadvertent errors.
Prevention is possible. Gabriela Garner, Product Marketing Director at Kofax gives her six tips for healthcare organisations to secure their copiers and printers to protect the data of their patients:
1. Restrict access based on user authorisation
MFDs should support the restriction of features and capabilities of an authenticated user. They should also verify user credentials at the device, allow or deny access based on rules, restrict what each user can do at the devices, and meet regulatory requirements.
2. Centrally audit all network activity for print, copy, scan and network fax
Auditing allows MFDs to pass tracking information to a database. In the event of a data breach, this capability allows users to easily track down which device was the source of the breach; who the authenticated user was, as well as department and location; what was sent including file name, and file and document type; and where the data was sent, such as device, department, application and address. Auditing also enables users to analyse output and assign value for cost allocation, as well as implement rules-based printing.
3. Encrypt data to/from MFDs
Communications between smart MFDs and mobile terminals, servers and destinations should be encrypted to ensure documents are only visible to authorised users. This will ensure that data is encrypted while in transit between MFDs, devices, servers and third-party applications; and there's end-to-end document security during the continuum of care.
4. Secure print release and authentication with follow-you print workflow
This will support the mobile workforce and lower the cost of printing by eliminating waste. It's important to ensure compliance by keeping sensitive information secure.
5. Monitor and control information
Simultaneously monitoring and auditing sensitive information in documents ensures the protection of health information is controlled before it gets to its intended destination. This requires capabilities such as a proactive warning system of a potential security breach, content filtering and redaction, and document interpretation prior to the compromise.
6. Standardise and secure routing and destination workflows
The scanning of a file to a network folder is the most common, and, unfortunately, the type of workflow that's most at risk. It's essential to standardise and integrate network scanning. Capabilities including optical character recognition (OCR) of all captured documents, and API-level integration with network fax servers, is necessary.
Today digital copiers have a large proportion of the capabilities of computers. By controlling and protecting the physical and electronic access points on MFDs, damaging data breaches can be prevented.