1. Home
  2. Practice Help
  3. Compliance
  4. HIPAA

HIPAA Best Practices for Photocopiers, Printers, and Fax Machines

Physicians and health care providers are more aware of data breach risks from their photocopier, printer, and fax machine after a covered entity was fined more than $1.2 million in 2013 for returning leased copiers that contained protected health information on the hard drives. Here are three best practices to consider when creating your HIPAA policy and procedures for photocopiers, printers, and fax machines.

  1. Locate office machines in well-supervised areas and away from plain view.

Any document that is printed, faxed, copied, or scanned on your office machines likely includes protected health information. Use good judgement to decide where to place these machines in your office. Is someone always close by so that it is difficult for unauthorized person(s) to view or access the printed information? Review the location of equipment with your staff and their responsibility to monitor access to your office machines.

  1. Document your policy and procedure for protecting data stored on office machine hard drives.

Almost every modern photocopier, printer, and fax machine has a hard drive that stores document images that may contain protected health information. Consider your options for protecting the data stored on the hard drive such as data removal techniques. Your office equipment may come with the ability to perform a data wipe of the drive that meets federal standards for removal. Document your policy and procedure to protect the information stored on the hard drive before a machine is removed for offsite repair, replaced, or returned to a leasing company. 

  1. Review your policy with any third-party who owns or maintains your equipment.

Review your policy and procedure for protecting health information that may be stored on a photocopier, printer, or fax machine hard drive with the company that owns or maintains your equipment. When a machine needs to be repaired, returned, or replaced, make sure you document the procedure performed to protect the data, such as removal of the data from the hard drive or destruction of the hard drive.

Visit the TMA HIPAA Resource Center to find tools, information, education, and consulting to help become HIPAA security-compliant. 

Published July 10, 2015

TMA Practice E-Tips main page

Last Updated On

May 30, 2019

Originally Published On

July 10, 2015

Related Content

HIPAA

TMA Membership

What could a TMA Membership mean for you, your practice, and your patients?

Join TMA Now

Texas Medicine 

TMA’s ongoing advocacy has led to meaningful physician workforce gains, and telemedicine technologies and revenue boosters are helping to maximize access to care. But shortages – most entrenched in rural areas and certain specialties – persist as Texas lags in its ratio of patient care physicians and an increasing average physician age foreshadows a deepening workforce crisis. Looking ahead to 2025, TMA is focused on ensuring the Texas Legislature finds new ways to grow and maximize the state’s physician workforce across the many specialties it needs. Plus, how TMA experts help identify medical documentation missteps that may lead to payment and prior authorization denials, and how Texas is grappling with syphilis. 

May_24_TM_Cover

 

Get the latest issue.