For one, if these printers or photocopiers contain highly sensitive data such as protected patient health information (PHI), exposure of that data could lead to fraud or identity theft, and your facility could be sanctioned for violating the HIPAA Privacy and Security Rules. One major case is that of Affinity Health Plan, Inc., which involved the impermissible disclosure of the PHI of about 345,000 individuals. The company was penalized and paid USD 1.2 million. OCR also required a corrective plan under which Affinity Health Plan had to recover the storage drives of the MFPs it had leased and ensure that safeguards to protect patient health information are implemented.
Using one of these machines may put your site’s PHI at risk. Data can be accessed remotely (over a Wi-Fi or LAN connection) or taken directly from the hard drive. Because most of these digital printers and copiers are leased, there is a risk of exposing PHI when the machine is returned or sold.
For more tips and guides on how to secure your digital printers and copiers, see the Federal Trade Commission’s guidance on safeguarding sensitive data stored on the hard drives of digital copiers.