Security is a real risk in healthcare today. For proof, consider these recent statistics:
“The average global cost per each lost or stolen record containing confidential and sensitive data was $154. The industry with the highest cost per stolen record was healthcare, at $363 per records.”
“The average organizational cost of a data breach is $5.4 million.”
“Seventy percent of healthcare organizations have experienced a data breach.”
In addition, risk to your compliance strategy is everywhere. Fines for non-compliance in the United States are regularly in the billions of dollars.
All of this leads to an important question: Are you looking at all the areas that could put you at risk for non-compliance?
We recently held a webinar on the topic of managing data security and reducing risk in healthcare, but wanted to provide a little more insight here.
Multifunction devices pose a threat
Printers, copiers and fax machines are often overlooked when assessing risk.
In a recent report, Copier Data Security: A Guide for Businesses, the U.S. Federal Trade Commission (FTC) makes a succinct statement: “Digital copiers are computers.” As such, the report goes on to recommend that organizations should incorporate these devices into their information security plans. Digital copiers, also known as multifunction devices (office machines that have the ability to print, scan, copy and fax), have hard drives, embedded firmware, and the ability to communicate with other systems on the network. They are susceptible to the same security vulnerabilities that a computer is.
Therefore, without the proper security measures in place, the multifunction printer (MFP) poses a significant risk of sensitive information exposure.
Improving security in healthcare
While healthcare providers have invested heavily in electronic medical records, they are still dealing with significant amounts of other information that need to be integrated into patient records such as paper-based forms or discharge instructions, mail, fax and email. Compiling and accessing this information is challenging — it creates distinct workflows, and raises privacy and security concerns.
As a result, this means healthcare providers must do all they can to minimize the security risks posed by MFPs and best manage these diverse sources of patient information to ensure compliance and data security. Specifically, healthcare organizations should focus on:
- Identifying areas of potential risk for non-compliance
- Using automation to streamline operations, enable better collaboration between departments and improve regulatory compliance
- Methods to increase data security and cut costs
For its part, the Office of the National Coordinator for Health Information Technology (ONC) has released software tools and guidance to healthcare professionals, on how to assess and remediate their organizations’ risk. All healthcare organizations must adhere to the HIPAA Omnibus Privacy and Security Rules – as well as the Meaningful Use stages. Document capture and workflow, print management and mobile capture solutions for healthcare can help providers overcome flaws inherent in MFPs with the administrative, physical and technical safeguards to improve healthcare document compliance and ensure data security in paper and electronic workflows.
To learn more, please download the Nuance whitepaper, “Security Made Easy.” You’ll see how document capture, workflow and print solutions add a layer of security and control to paper-based and electronic processes. Such advanced solutions help healthcare organizations reduce errors, mitigate the risk of non-compliance and avoid the fines, reputation damage and other negative consequences associated with data breaches.
 The Ponemon Institute & IBM, “2015 Global Cost of a Data Breach Study,” May 2015.
 The Ponemon Institute & IBM, “2014 Global Cost of Data Breach Study: Global,” May 2014.
 Quocirca Research, 2012.