Security breaches create significant problems for any organisation. They tax resources, put your reputation in danger and, most of all, cost money. Healthcare organisations are especially vulnerable to security breaches and often have the most to lose. According to the Ponemon Institute, healthcare data breaches cost an average $6.5 million—or about $408 per patient record.
Today’s patient lifecycle includes more touchpoints than ever before. But while electronic health records give healthcare workers more access to relevant patient information, they also raise the risk of a security breach.
Multi-function devices (MFDs), now mainstream in healthcare settings, present a particular opportunity for carelessness or misconduct. Each time a document or form is captured (copied, printed, scanned, faxed or emailed), patient information is exposed to human error, theft or transfer through noncompliant mobile devices.
In fact, eight in 10 healthcare information breaches were caused by miscellaneous errors, privilege misuse or web applications, according to a study by Verizon. Six in 10 were caused by internal users.
But healthcare organisations can minimise risk and keep data secure on MFDs. These intelligent capture recommendations are based on common scenarios and will help you put procedures in place to protect your patients and your organisation.
- Establish user rules and workflows
Begin by managing content and user access across your network of MFDs. Establish workflow rules covering who can use each device, what information should be protected, and what information can be transferred.
Only authorised healthcare personnel should use your MFDs. Just as access to patient information will vary from department to department, limits can be set on who uses a specific device in a specific unit. Each MFD should be capable of verifying user credentials and permitting access based on those rules.
For instance, you may want to limit finance staff to printers in the administrative area, while denying them access to devices in patient areas. Be sure your devices also meet HIPAA and NIST regulatory requirements.
- Audit all network activity
Auditing allows MFDs to pass tracking information to a database. If a data breach occurs, this capability helps IT administrators easily track down the source, the authenticated user, the file name and type, and where the data was sent.
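The access rules and the audit trail described above can be checked together: the script below, an added example and not Kofax code, evaluates constructed MFD audit records against an assumed role-to-zone policy (the article's finance example) and an assumed internal mail domain, flagging use of a device outside the user's permitted area and scan-to-email to an external destination.

```python
"""Evaluate constructed MFD audit records against a device-access policy.

Added example, not Kofax code. Record fields follow the audit trail the
article describes: authenticated user, device, file name, destination.
"""
from dataclasses import dataclass

# Assumed policy: which device zones each role may use.
ROLE_ZONES = {
    "finance": {"admin"},
    "clinician": {"admin", "patient"},
}
INTERNAL_DOMAINS = {"hospital.example"}  # assumed organisation mail domain


@dataclass(frozen=True)
class AuditRecord:
    user: str
    role: str
    device: str
    zone: str          # physical area the MFD sits in
    action: str        # print, copy, scan, fax, email
    filename: str
    destination: str   # printer tray, network share, fax number or email address


def check_record(rec: AuditRecord) -> list[str]:
    """Return zero or more findings for one record."""
    findings = []
    if rec.zone not in ROLE_ZONES.get(rec.role, set()):
        findings.append(f"{rec.user} ({rec.role}) used {rec.device} in {rec.zone} zone")
    if rec.action == "email":
        domain = rec.destination.rsplit("@", 1)[-1].lower()
        if domain not in INTERNAL_DOMAINS:
            findings.append(f"{rec.user} emailed {rec.filename} to external domain {domain}")
    return findings


def audit(records) -> list[str]:
    """Flatten findings across all records, in log order."""
    return [f for rec in records for f in check_record(rec)]


# Constructed sample records (not real log data).
SAMPLE = [
    AuditRecord("jdoe", "finance", "MFD-ADM-01", "admin", "print", "invoice.pdf", "tray-1"),
    AuditRecord("jdoe", "finance", "MFD-WARD-3", "patient", "copy", "chart.pdf", "tray-1"),
    AuditRecord("asmith", "clinician", "MFD-WARD-3", "patient", "email", "labs.pdf", "dr@hospital.example"),
    AuditRecord("asmith", "clinician", "MFD-WARD-3", "patient", "email", "labs.pdf", "me@webmail.example"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("ALERT:", finding)
```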
- Encrypt all data transferred between devices
Encrypt all communications between smart MFDs and mobile terminals, servers and destinations, so that documents are readable only by authorised users at either end. Data should be encrypted while in transit between MFDs, devices, servers and third-party applications, including electronic health records, line-of-business applications and enterprise resource planning software. In addition, your devices should be capable of maintaining end-to-end document security across the continuum of care.
- Ensure data stays in the right hands
Healthcare professionals are highly mobile as they move through your facility, which increases the risk that patient information will fall into the wrong hands. With a follow-you print workflow, staff can release documents at the nearest printer, eliminating the risk of sensitive information sitting unattended, or even forgotten, in an output tray for long periods. Card readers and mobile authentication secure documents and ensure print jobs are released only to authorised personnel.
- Automatically monitor and track PHI activity
When healthcare organisations monitor and audit their MFDs at the same time, they can retain control of patient healthcare information before it ever reaches its intended destination. Your devices should be capable of proactively warning about potential security breaches. In addition, automatic content filtering and redaction maintain the privacy of patient healthcare information.
- Secure routing workflows
Capturing documents into a network folder is the most common type of workflow. It is also the least secure. To reduce this risk, standardise and integrate network scanning with a secure-print framework. Network devices should be HL7 compliant and integrate with electronic health records and clinical applications. Optical character recognition (OCR) of all captured documents will allow you to search and share data securely. In addition, you can use APIs to integrate network fax servers with business applications, enabling the secure transfer of sensitive information.
No healthcare organisation wants patient healthcare information exposed to bad actors or negligence. By taking these steps, you can secure your copiers and printers and automatically transfer data to the right systems.
Zakir Ahmed is the Senior Vice President & GM - Asia Pacific & Japan at Kofax