HIPAA Compliant Copier Scan to Folder_Scan to Email_Scan to Fax

Report
About Notable Solutions, Inc.
-
15 Year History
Industry Leader in Distributed Document Capture
Over 30,000 installations
Thousands of Healthcare Customers
- Federal – DOD and Veteran’s Administration
- IDNs and Healthcare Systems
- Community Hospitals
- Rehabilitation Hospitals
- Surgery Centers
- Home Care
- Long Term Care and Assisted Living
- Clinics, Doctor’s Offices, Therapist
Notable Solutions, Inc
North America
Latin America
Europe, Middle East,
Africa
Secure Information Exchange™
Mainframes
Production Printers
Multifunction Devices
(MFDs), Network Scanners
Groupware & Collaboration
Desktop apps
EHR, or Content
Management System
Smartphones
and Tablets
File, Fax, Email
Desktop scanners
Custom Applications
EHR, Line of Business
Applications
Notable Solutions, Inc
Office Printers
The Common Thread
Security
Flexibility
& Future
Growth
Proven
Product
Notable Solutions, Inc
High
Availability
Financial
Savings
HIPAA Compliant Use of Copiers in Healthcare
•
•
•
•
•
•
•
•
•
•
Compliance to HITECH Omnibus Final Rule
Ensure HIPAA Privacy Compliance
Ensure HIPAA Security Compliance
Provide for User Authentication
Provide for Access Control
Control the risk of Scan to fax and use of analog fax
Control the risk of scan to email
Control the risk of scan to folder
Provide for Encryption
Robust Audit Trail for tracking and reporting
Notable Solutions, Inc
HITECH-OMNIBUS FINAL RULES
• Published in Federal Register – Jan. 25, 2013
• Effective Date – March 26, 2013
• Compliance Date – September 23, 2013
Notable Solutions, Inc
HITECH - HIPAA OMNIBUS Rules
Compliance Starts September 23rd 2013
IMPACT:
• Greater power to OCR – Office of Civil Rights
• Tighter Security and Governance
• Greater Fines Civil Liability and Criminal Penalties
• Greater Breach Notification Requirements
Privacy Rules and Security Rules
•
•
•
•
§ 164.306 Security standards: General rules.
§ 164.308 Administrative safeguards.
§ 164.310 Physical safeguards
§ 164.312 Technical safeguards.
Notable Solutions, Inc
HIPAA Omnibus Rule
Compliance Date!
Notable Solutions, Inc
Civil Monetary Penalties
Compliance Starts September 23rd 2013
Notable Solutions, Inc
Networked Copiers (AKA MFD or MFP)
HIPAA Violations:
•
•
•
•
•
Notable Solutions, Inc
No Access Control
No Authorization
No Audit Trail
No Encryption
No copy of data sent
HIPAA Compliance and Copiers in Healthcare
HIPAA OMNIBUS Regulations
•
•
•
•
•
•
•
•
•
•
Risk Assessment
Ensure Authorization
Control Access
Encryption
Track & Log Scan to Email
Track & Log Scan to Fax
Track & Log Scan to Folder
Minimize Disclosure
DLP – Data in Use Training
Access to Breached Data
Notable Solutions, Inc
NSi Solution Set
•
•
•
•
•
•
•
•
•
•
Vulnerability Assessment
Pin or Card Authorization
Access Control
128 Bit and SSL Encryption
Scan to Email Audit Trail
Scan to Fax Audit Trail
Scan to Folder Audit Trail
Filter and conditional routing
DLP – Data in Use Training
Access to Information
Secure Information Exchange™
Mainframes
Production Printers
Multifunction Devices
(MFDs), Network Scanners
Groupware & Collaboration
Desktop apps
EHR, or Content
Management System
Smartphones
and Tablets
File, Fax, Email
Desktop scanners
Custom Applications
EHR, Line of Business
Applications
Notable Solutions, Inc
Office Printers
Secure Information Exchange™
Line of Business
Applications
Network Folders
Multifunction Devices
(MFDs), Network Scanners
Electronic
Health Record
Email
Document Management Systems
Notable Solutions, Inc
Vulnerability and Threat Assessment Scorecard
Scan/Fax/Print System Risk Analysis
 Can anyone (even a visitor), walk up to your MFDs and copy and/or scan?
 Do you have the USB ports disabled to prevent someone scanning to USB Devices?
 Can anyone walk up to your fax machines, and fax documents…anywhere to anyone?
 When your MFDs leave your building (i.e. end of a lease), is there any confidential data stored on the MFD?
 Do your devices contain any sensitive network information stored on the device? Are device passwords yours?
 When archiving documents are you using a file format that allows for long-term preservation ?
 Is your scan and print transfer SSL encrypted?
 Are you logging all fax, copy, scan, email activity from copiers and MFDs?
 Has your organization invested in any DLP technology? If yes – how have you integrated this into your MFD architecture?
 Do you have business processes that are unnecessarily complicated with many error prone touch points, where people
print, fax, copy, scan, and mail – all within one process?
 When people fax out a document, how do you know if they typed the wrong fax number? What measures have you
implemented to mitigate this risk?
 Do people leave and/or forget print jobs near the network printer?
 Do people have the ability to email a document outside of your network? From an MFP?
 Are you ensuring scan to email and scan to folder are HIPAA compliant? Authentication, Audit Trail, etc.
 Do you have any ability to audit where scans and faxes are being routed in your organization?
Notable
Do you have
all of yourInc
print devices standardized to print output paper face down?
Solutions,
Authorization
Identify users before they gain access to copiers and printers.
NTWK USERNAME/PSWD
PIN/PIC code
Card Authentication
Notable Solutions, Inc
Access Control
AutoStore Communicator
Secure Fax
to Pharmacy
Scan to
Billing
Secure Fax
Secure
Patient Scan
Secure
Email
Forms
Printing
User Interface varies by MFD manufacturer
Notable Solutions, Inc
Secure Fax/Email/Folder with NSi AutoStore
Notification or in
Outlook Sent Folder
Any Hospital Database with ODBC
Notable Solutions, Inc
NSI Processing
Notable Solutions, Inc
Folder/Email/Fax Audit Trails
•Unique ID
Stores information in
•Authorized User any Database using ODBC
•Device IP
•Device Name
•Device Location
•Time and Date Stamp
•Intended Destination
(email, fax number, folder)
•Number of Pages
•Path to Image on File Share
Notable Solutions, Inc
Data Loss Prevention (DLP)
Data at Rest (Physical Security)
Data in Motion (Network Security)
Data in Use (Operational Security)
Notable Solutions, Inc
Data In use – Complements DLP Software
OCR
PDF Attributes
Watermarking
Notable Solutions, Inc
Data in motion – Encryption PDF Password Lock
Notable Solutions, Inc
DLP – Data in Motion
No trigger found -> Ok to Send
Store full audit trail
Invalid Filter triggered
Email admin
Notable Solutions, Inc
DLP – Data in Use
AutoStore Communicator
Secure Fax
to Pharmacy
Scan to
Billing
Secure Fax
Secure
Patient Scan
Secure
Email
Forms
Printing
User Interface varies by MFD manufacturer
Notable Solutions, Inc
Data Loss Prevention – Data In Use
Please see related videos.
Secure Fax
Notable Solutions, Inc
Fax destinations can be limited to only
approved numbers in a database.
Scan to
Folder
Folder destinations can be limited to
only those the authenticated user has
rights to send to.
Secure
Email
Emails are from the Authenticated user.
Not from [email protected]
The email will be in the users SENT
folder in Outlook. Email destinations
can be limited to the hospital domain.
Centrally Managed - Powerful & Flexible
Thousands of Devices
Notable Solutions, Inc
MFD Out of the Box – Scan to Folder, Scan to Email
or Scan to Fax could be a HIPAA Violation!
Send To Fax:
Unsecure, no
Audit Trail
Send To Email:
Unsecure, no
Audit Trail
Send To Folder:
Unsecure, No
Audit Trail
Notable Solutions, Inc
MFD + AutoStore –
HIPAA Secure
Authorization
With & Without Cards
SSL Encryption
Standard
Minimum Disclosure
Redaction Capability
Breach Reporting
Keep copy of image
Minimum Disclosure
Dynamic user displays
Send To Fax:
Unsecure, no
Audit Trail
Centrally Managed
Low IT overhead
Send To Email:
Secure Send to Email:
Sent Folder&Audit trail
Unsecure, no
Audit Trail
Send To Folder:
Unsecure, No
Audit Trail
Secure Send to Folder
Audit Trail
Secure Send to Fax
Audit Trail
Full Audit Trail
Security & compliance
Notable Solutions, Inc
HIPAA Compliance and Copiers in Healthcare
HIPAA OMNIBUS Regulations
•
•
•
•
•
•
•
•
•
•
Risk Assessment
Ensure Authorization
Control Access
Encryption
Track & Log Scan to Email
Track & Log Scan to Fax
Track & Log Scan to Folder
Minimize Disclosure
DLP – Data in Use Training
Access to Breached Data
Notable Solutions, Inc
NSi Solution Set
•
•
•
•
•
•
•
•
•
•
Vulnerability Assessment
Pin or Card Authorization
Access Control
128 Bit and SSL Encryption
Scan to Email Audit Trail
Scan to Fax Audit Trail
Scan to Folder Audit Trail
Filter and conditional routing
DLP – Data in Use Training
Access to Information

similar documents