Ah yes, copiers, the workhorse of American healthcare covered entities, business associates and subcontractors — your insurance card, your drivers’ license, your lab reports, your meds, etc, etc.. Do you happen to know if you are storing Protected Health Information on your copiers? Surprise! You probably are!
The HIPAA Security Final Rule as strengthened by The HITECH Act, requires that a Risk Analysis be conducted:
45 C.F.R. §164.308(a)(1)(ii) (A) – Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.
Most organizations fail to include digital copiers in their inventory of information assets that create, receive, maintain or transmit protected health information.
- View this information CBS Reports news clip on the risks of what information can be found on copiers.
- Learn How to Conduct a HIPAA Security Risk Analysis by attending one of our webinars.
- Review our acclaimed HIPAA Security Risk Analysis ToolKit™ to help you complete the process.
Keep us in mind if we may be of any assistance.
Latest posts by Bob Chaput (see all)
- Making the case for comprehensive cyber-risk strategies: 10 startling facts that will spur C-suite action - August 8, 2016
- Building Capability and Capacity to Take on Healthcare’s Evolving Security Threats - August 5, 2016
- HIPAA Risk Analysis Tip – The Biggest Risk Management Surprises in the 2016 OCR Audit Protocol - April 11, 2016