6 Steps To Make Sure Your Medical Office Is HIPAA Compliant In The Digital Age.

Are your Office Printers/Copiers HIPAA Compliant? Here’s How to Make Sure

Did you know the copiers and printers in your medical office could be a HIPAA risk? Years ago, medical offices could make copies and fax information with little risk of that information being stored in the copier or other machines. Times have changed. Newer printers and copiers are sophisticated enough that the data is stored for a long time. This exposes the medical practice to the risk of sensitive information being kept in a way that does not comply with HIPAA regulations.

HIPAA compliance laws are in place to make sure that all medical information is kept private. Patient information is important and sensitive. Violating this privacy can lead to severe fines. The best way to make sure a business copier and printer comply with HIPAA is to wipe the hard drives clean. This involves getting the IT department to literally take out the piece of machinery that holds the data and perform the process of erasing the data.

Verify your IT department or hired company is educated on how to complete this task. Removing data is not as easy as hitting the delete button. Your IT personnel must perform a separate and detailed task of wiping the hard drive clean.

Some people may ask how breaches can happen. Simply put, if a machine is leased, it’s even more vulnerable to problems when it’s returned. Many companies just send the machine back and forget to wipe the data clean. This puts all the data at risk. In the medical field, this violates HIPAA Compliance and opens the company up to not just fines, but other legal issues as well.

Here are a few ways to make sure that the copier complies with HIPAA:

  1. Make sure the hard drive is cleared at regular intervals and BEFORE it’s returned to the leasing agent, if leased.
  2. Keep detailed notes on how to wipe the files and keep them with the IT Department.
  3. Train office personnel to watch for the information they are sending or otherwise putting through the system. If they can avoid faxing information or copying it, have them securely email information whenever possible. It’s easy and can be more effective.
  4. Create PDF documents for emailing purposes. Again, it is often easier and safer.
  5. When the copier and printer DO need to be used (and they will still be needed), keep in mind how often they get cleared out. Remember, hitting delete on info does not actually delete it.
  6. If there are any questions, have the company reach out to the appropriate government agency for assistance on maintaining compliance.

When it comes to HIPAA compliance for copiers and printers, it’s important to remember to erase the data properly. Having set times during the year when the systems are wiped clean will lessen the risk of breaches. Remember, if the equipment is leased, the hard drive must be erased prior to returning it to the leasing agent.

Fines have run over the one-million-dollar mark for a company when it was discovered they were negligent in their compliance. They exposed many patients’ sensitive information. While this violation was not intentional, it did result in severe HIPAA exposures. Any breach is difficult to come back from due to the violation of trust with your clients. Losing patients or clients and dealing with massive fines is enough to destroy companies. Make HIPAA compliance the highest priority, and remember that each piece of office equipment could also be at risk. Taking the proper steps to clear data and make sure your information is safe protects everyone.

Advanced Business Solutions prides itself on working with the medical community. If you have questions on staying HIPAA compliant with your office machines, contact us today.
