Skip to Main Content

HIPAA, HITECH, and Healthcare Data Hazards

Happy New Year to loyal readers of this Blog (including our visitors from other print software companies – yes, we know you’re here). After several years of Covid travel restrictions, our family spent this holiday season visiting overseas friends and relatives. It was great to see everyone again, recharge the batteries, and catch up on some articles I’ve been meaning to read. Starting with this interesting analysis from the cybersecurity and privacy research firm Comparitech.

I have been planning to write about this topic — privacy breaches in healthcare environments — for a while now. Hospitals and other healthcare providers have some of the most stringent data protection and IT security requirements anywhere. In the U.S., providers are subject to the Health Insurance Portability and Accountability Act, better known as HIPAA. These stringent regulations dictate how patient and care-related information can be shared, protected, retained, and destroyed. The 2009 HITECH Act went even further by listing privacy violations in detail and strengthening enforcement measures and penalties.

While some of the most high-profile healthcare data breaches involve hacking or unauthorized access to IT systems, HIPAA and HITECH regulations also apply to printed documents like patient charts, prescription forms, and dozens of other physical document types. Once printed, a document can be misplaced, stolen, copied, or simply read by someone other than the intended, authorized recipient. Failure to safeguard Protected Health Information (PHI) could get your healthcare organization listed on the infamous data breach "wall of shame" and result in severe financial penalties.

One way to avoid documents being misused is to avoid printing them in the first place. Instead of distributing a print job to a user’s nearest printer, a company can distribute access to a protected electronic copy via an email link. By requiring users to “view first then print” or “view instead of print,” IT organizations can electronically track document access while reducing the cost of paper and other consumables.

When physical hardcopy is required, pull printing is one way to protect against unauthorized document access. In a pull printing environment, user-submitted print jobs are not routed directly to a printer. Instead, the documents are stored (held) until the user authenticates at the MFD or other output device. After swiping an ID card, entering a PIN code, or otherwise authenticating, the user selects one or more of the queued documents for printing. At every point from document creation until successful print delivery, data is encrypted and protected from unauthorized access.

The advantages of pull printing are many. By holding print jobs until the intended user is at the device, such systems eliminate the risk of private data sitting unclaimed in the output tray. Each successful print job is logged, creating an audit trail to aid in HIPAA security compliance efforts. Gartner research indicates that 10% of printed documents are never retrieved by users, and this wastage can be eliminated by a pull-printing solution, resulting in significant cost savings.

Leveraging the secure printing capabilities of a true enterprise-class output management solution can help healthcare providers safeguard bother their patients’ PHI and the reputation of their organizations. Document security measures are no longer a luxury, but a necessity. LRS software solutions and the experts who support them can help you stay in control of patient privacy… and out of year-end listings of HIPAA breaches.