Secure Documents for an Insecure World
Friday, February 19, 2016
by Mark Brudnak
If “Knowledge is power,” as Francis Bacon claimed, institutions would do well to protect it. Yet hardly a week goes by without reports of a serious document breach. According to a study by IT analysis firm Quocirca, only 15 percent of organizations believe their printing infrastructure to be very secure. This same report states that “70% of respondents indicated that they have suffered one or more accidental printing-related data breaches.”
Due to stringent laws protecting sensitive medical information, hospitals and other healthcare providers are scrambling to address their security shortfalls as well. HIPAA, HITECH, and other regulations have forced organizations everywhere to reexamine their healthcare document management and security measures. Failure to safeguard Protected Health Information (PHI) could result in being listed on the infamous data breach “wall of shame.”
Healthcare Document Security: Threats and Responses
When it comes to safeguarding healthcare documents, many organizations focus solely on the external threat. Intelligent network security measures and use of SSL (TLS) can mitigate some of the risk; creating a secure healthcare printing environment starts with access control. A 2011 Gartner news report cautioned organizations to “Treat printers as smart devices capable of inflicting damage on business systems…” and “Ensure that your printers and multifunction products are behind your corporate firewall.”
But even the most secure fortress has internal security threats. Printers and queues should be configured to prevent unauthorized users from viewing queued print jobs. Enterprise output management software simplifies configuration tasks while providing administrators powerful audit tools to detect and deter unauthorized document access. The saying “trust but verify” definitely applies to healthcare information.
Perhaps the easiest document to protect is the one never printed in the first place. Instead of distributing a print job to a user’s nearest printer, a company can distribute access to a protected electronic copy via an email link. By requiring users to “view first then print” or “view instead of print,” IT organizations can electronically track document access while reducing the cost of paper and other consumables.
The Case for Pull Printing
When physical hardcopy is required, pull printing (follow me print) is one way to protect against unauthorized document access. In a pull printing environment, user-submitted print jobs are not routed directly to a printer. Instead, the documents are stored (held) until the user authenticates at the MFD or other output device. After swiping an ID card, entering a PIN code, or otherwise authenticating, the user selects one or more of the queued documents for printing.
The advantages of pull printing are many. By holding print jobs until the intended user is at the device, such systems eliminate the risk of private data sitting unclaimed in the output tray. Each successful print job is logged, creating an audit trail to aid in HIPAA security compliance efforts. Gartner research indicates that 10% of printed documents are never retrieved by users, and this wastage can be eliminated by a pull-printing solution, resulting in significant cost savings.
Document security measures are no longer a luxury, but a necessity. Leveraging the secure printing capabilities of a true enterprise-class output management solution can help healthcare providers safeguard their patients’ PHI… and their own reputations.