Within most office environments, printing a document is an act that occurs so frequently that it usually happens without a moment’s thought. But within the context of a healthcare environment, where it is a legal requirement that information provided by a patient in confidence will not be disclosed in a form that might identify an individual without his or her consent, this simple act can have repercussions.
Even though healthcare workers understand and appreciate the need to protect confidential information, the act of printing is not widely considered a potential security risk in the first place.
In fact a Samsung survey of workers in European healthcare centres found that one third (34%) see patients’ personal information, typically health records and laboratory results, left on a printer. As a result, it is all too easy for confidential documents to be printed, forgotten and free for others to view.
In addition, many people don’t realise that today’s printers typically store documents on a hard disk drive. That’s why it’s important to put in place a secure data removal solution to ensure the information on the printer hard disk is irretrievable should it be stolen, leave the premises for repair, or be disposed of at the end of a printer’s life.
What’s more, if people are determined, and so inclined, unencrypted printing data can be intercepted between the personal computer (PC) and printer, where sensitive data can be easily read.
This is because the communication protocol from PC to printer is often not as secure as it could be. And, because some printer and multifunction devices are Windows-based, they can be susceptible to the same security issues as PCs and can unwittingly host viruses and malware which can cause havoc across connected systems.
Solutions to ensure confidentiality
At Samsung, we believe the response to these issues should be two-fold. On the one hand, awareness needs to be raised of the potential for printing to compromise security. But more than that, there is a need to adopt technological solutions specifically designed to make the possibility of security breaches a thing of the past.
It is possible, for example, to configure software solutions that prevent people from printing off a document – and then simply forgetting about it. In such solutions, the software ensures that a PIN code or swipe-card system is used which releases a print job only when the person who printed it is physically there to authenticate and collect the document.
Confidential printing technology also needs special software to be included as part of the solution, particularly if you want to protect your printer and network from malicious activity. These specialised security packages can effectively prevent unauthorised access to the applications that run on the printer and will stop outsiders from intercepting patient information when it is in transit from the PC. They can filter IP addresses to block outsiders gaining access to a printer and they can even prevent wireless and Bluetooth printers being accessed by unauthorised people.
From a hardware perspective, one of the most significant security threats comes from the local storage capability of modern printers. In certain industries, such as financial services and defence, it is a requirement to use printer disks that, once they have fulfilled their immediate task of printing a document, automatically erase all of the data from the hardware.
Arguably, the same should be true throughout medical institutions.
This doesn’t mean that the file should simply be deleted. If a file is merely ‘deleted’, all manner of software is available that can locate the data on a drive – and quickly restore it. However, technologies such as Samsung’s industry-leading disk overwriting solution capability can permanently destroy all potentially sensitive data on a printer’s disk so that restoration is completely impossible.
An additional hardware feature is an encrypted protocol for printing transmission, which means that it’s not possible to decipher any data intercepted between the PC and printer.
Today, with the healthcare industry becoming ever more technologically sophisticated, securing confidential information is a fundamental priority on the agenda for most healthcare IT professionals and hospital managers.
Most rightly regard the main area of concern to be the rise that has been seen in the use of Electronic Health Record (EHR) systems. However, security issues do exist elsewhere and the simple act of printing is something that should be considered.
Fortunately, sophisticated hardware and software solutions exist to address the challenge. Once the problem has been identified, the solution is readily available.
Box 1: Printing in confidence with Samsung
Samsung and its partners work closely with healthcare centres to help them secure their printing networks and increase patient confidentiality.
Security begins in the hardware itself. Our printers, for example, use an encrypted protocol for printing transmission which makes it impossible to decipher any data intercepted between the PC and the printing device. No wonder our technology exceeds the requirements for the United States Department of Defense specification for data cleaning and sanitisation (DoD 5220.22-M).
At a software level, the information contained in Samsung multifunction printers can be secured against unauthorised access using Samsung’s sophisticated SecuThru™ solution. SecuThru™ integrates with existing networks to deliver robust authentication and a secure printing environment across the entire range of Samsung multifunction printers, without the need for an additional server.
This solution enables healthcare centres to raise the security of their print environment to the same high level as their overall IT infrastructure – quickly and cost-effectively.
Beyond the printer
Beyond the printer itself, Samsung follows a proven, robust, step-by-step process – including the following tasks – to tackle medical document security:
- Evaluating the security loopholes of a medical centre’s printing network
- Adapting the printing network to reflect its unique security needs with a custom-made solution
- Controlling and securing networked printers with software and processes to stop confidential information leaks
- Collaborating with leading third-party solution providers to deliver a tailor-made security management solution.
Samsung has a range of printers that are certified by InPS, EMIS, iSOFT and Cerner to ensure that its technology is compliant with prescription printing standards