Almost every business uses a multi-function copy machine that copies, scans, prints and possibly faxes information. What most people don’t realize is that many of these machines have hard drives that store all information that the machine has access to. Think of these machines as computers that store a digital record of every copy it makes, every document it scans and every page it prints.
Copying patient information
If your organization copies insurance explanation of benefits (EOBs), patient insurance cards or uses a multi-function printer to print out letters to patients, all that information could be sitting on the hard drive of your copier. If this information is not properly destroyed before you return the machine to a leasing company, recycle the machine, sell the machine or throw the machine out; all that patient information might cause a HIPAA data breach.
Watch this video!
The below video from CBS news gives valuable information about the risks of copy machines.
Note: Affinity Health Plan who is featured in the video, received a $1,215,780 HIPAA fine because of one copy machine that contained 344,579 records with protected health information (PHI)
Understand a HIPAA Risk Assessment
Organizations need to perform a Risk Assessment to determine the likelihood of risks and what additional security measures should be put in place to protect patient information.
to better understand the HIPAA Risk Assessment process