Ah yes, copiers, the workhorse of American healthcare covered entities, business associates and subcontractors — your insurance card, your drivers’ license, your lab reports, your meds, etc, etc..  Do you happen to know if you are storing Protected Health Information on your copiers?  Surprise!  You probably are!

The HIPAA Security Final Rule as strengthened by The HITECH Act, requires that a Risk Analysis be conducted:

45 C.F.R. §164.308(a)(1)(ii) (A) – Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.

Most organizations fail to include digital copiers in their inventory of information assets that create, receive, maintain or transmit protected health information.

Keep us in mind if we may be of any assistance.

Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.