Health IT Pulse

May 5 2010   3:15PM GMT

Copy machines targets for health care data breaches

Don Fluckinger

Tags:
Data breach
Data Loss Prevention
HIPAA
privacy
Security

Last week we saw a piece on a law firm blog about how copy machines can make a health care provider vulnerable to data breaches and HIPAA violations in a way we hadn’t considered.

It’s not enough, apparently, to make sure a copier’s software is set up to prevent patient data breaches by locking down the scan-to-email function. It’s not enough to force the copier to wipe or format its disk drive periodically, to make sure files are routinely deleted.

No, this article shows that enterprising identity thieves can circumvent even those measures — because of the way copier operating systems generally work. This isn’t the first time we’ve heard health care IT authorities talk about shredding hard drives as the only truly fail-safe way to prevent data breaches. But it’s the first time anyone’s brought it up while discussing copy machines, devices usually managed by third parties.

Which brings up our tip of the day: In your HIPAA business-associate agreements with copier providers, make sure that disk-shredding — or at least a strong scrubbing — becomes part of the decommissioning process. Don’t let your patient information be exposed, because it’s likely that CBS News didn’t come up with this idea for hacking into copiers for patient data on its own; other opportunists might be lurking around your facility.
