Skip to content
Employee using printer

Adrian Lopez, Sr. MPS Manager

How can Managed Print Services (MPS) Help with HIPAA Compliance?

An MPS partner can offer many options to help you stay in line with HIPAA and all of its regulations. An MPS solution offers physical objects like tray locks, secure any paper you have in the input trays, like Rx sheets or insurance claim forms. Software solutions, including security and monitoring are also provided through an MPS solution to ensure your data stays secure. There are a number of solutions that work great for government and industry regulations.

How Managed Print Services (MPS) Help with HIPAA Compliance

Encryption

Printers and copiers are a risk to your data and network.  It is actually pretty easy to hack into one of these (yes, even if they are behind your firewall) and then get into your computers and servers.  There are a lot of security solutions you could put in place that will encrypt your copier’s hard drive.  This is important because a digital image of every page printed is saved on the hard drive. Imagine you get rid of an old copier, along with thousands of patients’ information stored within.

There are real time security monitoring and protection solutions that will automatically find, report, and fix any threats they find.  For example, HP has JetAdvantage Security Manager and a lot of onboard policies on their hardware. Print jobs can be picked up as they make their way to the printer. A ‘middle man’ attack is when someone grabs your print job in transit, copies the job, and then sends the job to the printer. This usually occurs without anyone knowing it happened. An MPS partner can configure an encrypted print stream to prevent anyone from seeing the information in a print job if intercepted.

Reporting

Knowing who has access to PHI and what users are doing with it is incredibly important.  With a reporting tool provided by your MPS partner, you can see who is printing, and possibly sharing, what documents.

Though there are reporting features with fax machines, traditional fax machines do not use encryption and there are ways to intercept the fax. For Electronic Faxing, yes encryption can be in place (in transit), but should be verified.  Also, ensuring that the provider is HIPAA Compliant is needed and a Business Associates Agreement is needed as well. Faxing for HIPAA compliance can be tricky, but when done accurately and appropriately, has many reporting benefits.

Pull Print

If patient information is left sitting on a printer, anyone can have access to the information. An MPS partner can provide you with a pull print solution. With pull print, jobs get stored in a centralized, typically cloud based, print driver.  These jobs do not get printed at a device until a user is at the printer or copier and authenticates.  This eliminates anyone from seeing something they shouldn’t. Additionally, this gives users the benefit of walking up to any device and getting their prints. This eliminates hunting through hundreds of print drivers to find the correct documents and provides the best form of reporting because users must authenticate.

All of these practices can help make sure that you are in line with HIPAA and all the demands that go along with it.  Most of these do come with a monthly fee, pull print included, but fractions of a penny per page is a lot less than hundreds of thousands of dollars, bad PR, and possible jail time because of a breach. When evaluating MPS providers, consider asking these 5 questions.