Information Security
Providing quality patient care is the highest priority in hospitals and the health care industry. Tantamount to that priority is data security of patient records, medical and administrative transactions, and employee information. Nothing is more important to the hospital administrator, patient or caregiver than the protection of personal and medical information. Yet, identity theft is among the highest risks faced by the public as a direct result of technology advancements and the proliferation of electronic devices in the workplace – including printers and copiers. According to the security research group, The Ponemon Institute, in the first five months of 2010, more than 800,000 data-sensitive memory devices, such as USB drives, hard drives and laptops were either lost or stolen. The challenge faced by hospitals was captured in a broadcast news report citing that copier equipment used in hospitals was not being ‘cleaned’ before leaving the facilities resulting in the loss of thousands of patient records, financial statements and other private documents.
Hospitals are paper and people-intensive businesses where opportunity for data loss abounds because of the size of their facilities, public access and often, the number of building locations of a hospital system.
For hospitals, there are added concerns for ensuring the security of information and addressing the integrity and protection of the transfer of electronic patient records placed upon the health care industry by the U.S. Department of Health and Human Services (US DHHS) Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).
While the core business of hospitals is to deliver quality patient care, the focus for AUXILIO as the exclusive, vendor independent nationwide leader in Managed Print Services (MPS) is to be proactive and responsible in delivering information, advice, tactical and technical support for data security of patient and administrative records. Hospitals turn to AUXILIO to guide their security policies and procedures, end-user training and education, and equipment data protection measures.
AUXILIO, as the only vendor independent MPS company in the U.S. health care industry, has designed a proprietary based compilation of information on device and data policies, software applications needed to ‘clean’ hard drives, and the costs for device compliance upon decommissioning for all major and minor manufacturers’ devices within its scope. This research is robust and structured by data points for each device according to make, model, internal data security software needs, and their accompanied security applications.
Further, AUXILIO abides by the mandates of HIPAA regarding the disposal and recordkeeping of hardware and software for electronic protected health information (ePHI). Any and all devices and equipment located in our partner hospitals are vetted for network protection, local device access and user authentication, data encryption, and document protection.
AUXILIO conducts routine and regular checks and performs independent research on equipment manufacturers’ compliance with the HIPAA Security Rule to ensure that all equipment under our purview is aligned with this regulatory requirement and conforms to the standards held by our hospital partners.
In addition to research and technology, AUXILIO has a comprehensive Standard Operating Procedure (SOP) in place to assure that all data is wiped from the hard drives and equipment at the time of disposal or replacement. Educating equipment end-users is also a top priority for AUXILIO to help caregivers protect patient information during their work day by providing information and training on the proper use of secure print features.
Guided by HIPAA for patient records protection and security, AUXILIO works strategically with its hospital partners on advising and preparing their internal operating device data security protocols, practices and policies. Hospitals are provided a complete lifecycle of document protection regardless of the manufacturers’ make, model, hardware or device. Being vendor neutral, AUXILIO monitors changes to device security methodology and costs to advice hospitals on best practices and use of equipment across the spectrum of manufacturers. Some of the routine tasks performed by the AUXILIO on-site print strategist include, enabling password authentication, setting device to output ‘paper face down’, disabling USB access and scanning features, when appropriate and warranted, enabling LDAP access to ensure only registered users can scan-to-email, enabling device access logs, controlling device location security and enabling advanced security features such as hard drive encryption.
AUXILIO staff are highly trained in data security compliance and work side-by-side with hospital administrators and end-users to determine the highest standard of data security at all times under any circumstance or based on any condition.
Working with hospital IT executives and other department managers, AUXILIO performs the most complete range of procedures on every device – regardless of the equipment manufacturer or software product – and provides on-going end-user education and training to secure the daily flow of information across the enterprise. AUXILIO delivers the advantage of its vendor independence and health care exclusive market position to secure patient and administrative information through its comprehensive data security protocols, research and technical expertise.
