American College of Physicians: Internal Medicine — Doctors for Adults ®

Advertisement

Another security risk: The copy machine

From the October ACP Internist, copyright 2010 by the American College of Physicians

The biggest loophole in keeping patients’ medical and financial information secure could be that often-used computer that isn’t part of the practice management system or the electronic health record. It’s the photocopier.

A frightening CBS news report this April showed that anything copied, scanned, faxed, or e-mailed by a copy machine is retrievable. In the report, a CBS crew bought four used copiers and then used free software to download the tens of thousands of images stored on the copiers’ hard drives. One unlucky health insurance provider was among the four companies that had given up a machine at the end of its lease without even knowing the images were stored.

Photo by Photos.com

Photo by Photos.com



Stop to think about what the photocopier in your office might have seen in the last week—patient records, credit card numbers, Social Security numbers, bank account numbers, tax returns and credit card bills—and multiply that by the length of time you’ve had the copier. It’s enough to make you shudder.

Protecting this information is easier said than done, but here are some tips and options to consider in protecting yourself and your practice:

  • First, establish whether the equipment saves digital images. Most but not all do. Newer models have corrected this problem, and Konica Minolta products do not save digital images.
  • Include in your copier sales or lease agreement an “end of life” data scrub that erases and destroys the hard drive at the end of the contract. If you are in the middle of a contract, try to get an addendum. When negotiating a new lease, include a clause about wiping the hard drive before it leaves your office.
  • Remove the hard drive, wipe it clean, and then dispose of it yourself.
  • Read the owner’s manual for your equipment. Some models/manufacturers provide instructions or software to erase the drive.
  • Hire an outside company to wipe the hard drive before you sell or return your copy machine.
  • Be sure to ask before you buy/lease what your “overwrite” software options are. Some companies, such as Sharp and Xerox, offer this alternative.
  • Find out if your machine is equipped with encryption or auto-erase features.

Whether you lease or own, and no matter what brand you’re using, it’s important to ask questions and take action before replacing your copiers or multifunction devices.

In response to the CBS news story, the Federal Trade Commission promised to address the issue with copier manufacturers and dealers, and referenced a previously issued guideline regarding the security and disposal of hard drives in general. For more information about keeping all electronic data secure, see ACP’s Health Information Privacy and Security Toolkit. For more information about HIPAA compliance, including security, privacy, and the HITECH Act, go to ACP’s compliance page.

Top

This is a printer-friendly version of this page

Print this page  |  Close the preview

Share

 
 

Internist Archives Quick Links

MKSAP 16 Holiday Special: Save 10%

MKSAP 16 Holiday Special:  Save 10%

Use MKSAP 16 to earn MOC points, prepare for ABIM exams and assess your clinical knowledge. For a limited time save 10% when you use priority code MKPROMO! Order now.

Maintenance of Certification:

What if I Still Don't Know Where to Start?

Maintenance of Certification: What if I Still Don't Know Where to Start?

Because the rules are complex and may apply differently depending on when you last certified, ACP has developed a MOC Navigator. This FREE tool can help you understand the impact of MOC, review requirements, guide you in selecting ways to meet the requirements, show you how to enroll, and more. Start navigating now.