Explanations of payment. Explanations of benefits. Applications. Checks. Patient statements. These key member and provider touchpoints still occur on paper, even as healthcare payers move to digital.

Paper carries potential risk. Almost everything a payer prints contains valuable protected health information (PHI) such as social security numbers, birthdates, insurance coverage identification, and payment information. If not carefully protected, printouts can be picked up off a printer tray for internal fraud or exfiltrated from the printer's hard drive by hackers. Even accidental PHI exposure can put a payer at risk for Health Insurance Portability and Accountability Act (HIPAA) violations. To improve efficiency while protecting sensitive information, healthcare payers must consider their entire print process carefully.

A recent cyberattack on 150,000 printers showed how vulnerable internet-connected printers are to hackers, printing messages like "You are now part of Flaming Botnet."¹

1. Ensure the Physical Security of the Printer

When it comes to cybersecurity, IT departments spend most of their time worrying about outside attacks. However, the reality is that the most egregious data breaches emanate from within. That’s why the first step for print security is to secure the printer.

Ensure network transport settings are set to Secure Socket Layer (SSL)/TLS 128 bit encryption or higher.
Harden print devices by eliminating open ports that are not absolutely needed.
Consider placing the printer in a controlled area that only authorized employees can access.
Disable physical ports for thumb drives and other data storage devices.

61%

of large enterprises admitted suffering at least one data breach through unsecure printing.²

2. Ensure Cybersecurity of the Printer

Enterprise-class printers like the ones used by healthcare payers are as exposed to access as any other endpoint on your network. Secure the printer just as you would a workstation. Security precautions include:

Reviewing the printer for unauthorized open ports.
Changing the default username/password.
Keeping firmware up to date.
Installing regular security updates from the manufacturer.
Overwriting and erasing data as soon as the print job is complete.

50%

of printer data breaches occurred due to interception over the network.³

3. Authenticate Users at the Device and Utilize Pull Printing

Pull printing only releases a document after the user authenticates at the printer using a PIN number, badge, or biometric identification. This prevents sensitive documents from sitting exposed or being forgotten on the printer tray.

1 in 5 consumers who experienced a healthcare data breach changed their insurance company.⁴

4. Leverage Both Authentication and Authorization

Controlling access through authentication keeps unauthorized users at bay and also makes it simple to restrict device features, such as scanning, printing in color, or emailing to certain users or groups. This solution helps ensure documents are sent to the correct printer while scans are sent to the user's email or network folder, keeping documents and scans from going to the wrong printer or person.

5. Protect Faxes from Prying Eyes

Healthcare payers receive a significant amount of payment and patient information via fax. Configure the device to password protect incoming faxes so only the appropriate person can access it.

10%

of healthcare print volume is related to fax.⁵

6. Protect Documents as They Travel Both Inside andOutside Your Domain with Enterprise Digital Rights Management (EDRM)

Sophisticated EDRM technology can protect confidential PHI at the file level. It gives document owners the ability to prevent copying, modifying, printing, and even granting or revoking access at any time and anywhere.

Encryption: Utilize encryption to protect document data during file transmission and storage.
Digital signatures: Embed the username and/or device serial number into any document to enable notification if changes are made.
Rules-based printing and distribution: Assign rules to documents, content types, and keywords to ensure the user has permission to view, copy, paste, save, print, and share.
Secure watermark: Discourage unauthorized copying by printing documents with a secure one-time watermark that only shows if a copy is made.

7. Monitor and Track Printing at the User and Document Level

In the case of an audit, it will be crucial to be able to prove compliance or trace unauthorized use. Use a centralized auditing tool to manage access, to control, set, and update policies, to oversee users and activity, and to run audit reports on usage. This will ensure audit logs for every successful and unsuccessful document access request are recorded.

SOURCES

Cybersecurity Insiders, "Cyber Attack Launched on 150,000 Printers Working Worldwide."
Quocirca, "Print Security" An Imperative in the IoT Era, January 2017
Ibid
Health IT Security, "26% of Consumers Report PHI Stolen in Healthcare Data Breach," Feb. 21, 2017
Becker’s Health IT & CIO Report, "Three Steps to Achieving Document Efficiency in Healthcare," April 25, 2017

To learn more about how you can secure print, visit csa.canon.com/security.