This article will address the key steps required to ensure that you are using your MFP in a manner that fully complies with the HIPAA Privacy Rule
If your organization is a so-called “covered entity” subject to HIPAA, it’s essential that all aspects of your business be HIPAA compliant. That includes your multifunction printer (MFP). This article will address the key steps required to ensure that you’re using your MFP in a manner that fully complies with the HIPAA Privacy Rule. By following the following simple guidelines, you can ensure that the information that you send and receive via your MFP is kept fully secure and confidential.
Access to any device that transmits, receives, or stores protected health information (PHI) should be restricted, such that only authorized users can access that information. Many healthcare facilities locate MFPs in locked rooms or back offices that are only accessible to approved staff.
Most MFPs include USB ports, SD card slots, or other means of inserting removable storage media. By disabling access to these ports, covered entities can protect against incidents in which an electronic copy of PHI may be copied to a portable device. At that point, your organization has no control over what happens to the information. That exposes you to the risk of a potential HIPAA violation. By preventing users from making untraceable electronic copies, you can avoid being at risk altogether.
If you’re using an MFP that includes its own hard drive, be sure that it is fully secured. Many HIPAA violations occur when information is inadvertently left on hard drives or other devices, without proper attention to destroying the data when it is no longer needed. By applying physical and technical security measures to the hard drive on your copier or MFP, you can avoid these kinds of risks.
Many companies rely on HIPAA-compliant cloud fax to send and receive information. The great thing about a secure cloud fax service is that it’s so versatile, allowing for conveniences like fax-to-email or browser-based transmission and receipt. Secure cloud fax also makes it easy to send and receive using an MFP. If you choose to print out paper documents, make sure your staff is trained to handle them with extreme care. That means not allowing documents to sit unattended and/or destroying physical copies of documents when they are no longer needed.
Many devices allow authentication prompts to guarantee that only authorized personnel can print from MFPs with access to PHI. The first benefit of such measures is obvious: it prevents the wrong people from getting at patients’ confidential information. There is another important benefit, though. By requiring authentication prior to printing from an MFP, your organization can maintain logs of all activity, enabling you to monitor and audit access to PHI.
Many of the copiers and MFPs in use today require periodic updates to their drivers and TLS versions. Check regularly for updates and make sure your devices have the latest versions installed. WestFax works with our clients to ensure they’re maintaining full compliance with HIPAA whenever they send or receive faxes using such devices. Our Cloud Fax Connector ensures those devices use the latest TLS security.
Despite popular perceptions about faxing, modern fax technology is by far the most secure means of transmitting and receiving PHI, – provided it’s done using a HIPAA-compliant cloud fax provider. Better yet, – our secure cloud fax works seamlessly with virtually any MFP on the market. WestFax offers full interoperability, allowing users to send and receive faxes using desktop applications, e-mail, custom programming using the WestFax API, or with a multifunction printer/copier. WestFax leverages the built-in capabilities of nearly any MFP make or model to provide you with ultimate flexibility, while still maintaining full HIPAA compliance. WestFax supports devices made by Xerox, Lexmark, Toshiba, HP, Kyocera, Canon, and numerous other manufacturers. You can continue to use your current authentication methods, vastly simplifying configuration and administration.