Guest Column | June 29, 2011

There Are Unsecured Computers On Your HIT Network


By Tim Bohn, Global Alliance Director, Equitrac

In almost every healthcare organization today, there are devices with significant processing power and hundreds of gigabytes of memory that process thousands or even hundreds of thousands of pieces of Protected Health Information (PHI) on a daily basis. These devices pose a serious risk as they move PHI around your organization, into your Electronic Medical Record (EMR) system, and out into the world by fax or email.

So what are these unsecured devices? They are today's Multi-Function Products (MFPs), long removed in capabilities from being simply "copiers". Let's take a look at a typical MFP. An average device features a 160 GB hard drive, 2 GB of system memory and 1 GB of page memory, driven by a 1.5 GHz processor. The MFP needs this processing power and memory to support modern document workflows. Check the specifications on your MFPs and you'll see that processing and storage power are probably well beyond your expectations and sometimes more than PCs and laptops. Now think about the combined total memory and processing power of all the MFPs on your network. If you are like many of your colleagues, a simple mental exercise will validate you have a gap in your compliance infrastructure -- finding MFPs not properly secured and without a proper audit trail.

Not only do unsecured MFPs pose a threat, but the threat may be serious. It is not unusual for an office level MFP to processes 100,000 pages per month. Even if only half of these pages contain PHI, that is still 50,000 instances of potential HIPAA violations per MFP. And violations occur on a regular basis. In fact, according to one study, 34% of polled respondents admitted to finding personal patient information left on the printer – including health records (38%) and lab results (34%). These respondents were not just doctors and nurses – almost half (44%) worked in roles such as marketing, operations, finance and IT. Access this content to read the entire article.