
15 Year History Industry Leader in Distributed Document Capture Over 30,000 installations Thousands of Healthcare Cust


mercury

Presentation Transcript


  1. About Notable Solutions, Inc.
     North America; Europe, Middle East, Africa; Latin America
     • 15 Year History
     • Industry Leader in Distributed Document Capture
     • Over 30,000 installations
     • Thousands of Healthcare Customers
     • Federal – DOD and Veteran’s Administration
     • IDNs and Healthcare Systems
     • Community Hospitals
     • Rehabilitation Hospitals
     • Surgery Centers
     • Home Care
     • Long Term Care and Assisted Living
     • Clinics, Doctor’s Offices, Therapist

  2. Secure Information Exchange™ Mainframes Production Printers Multifunction Devices (MFDs), Network Scanners Groupware & Collaboration Desktop apps EHR, or Content Management System Smartphones and Tablets File, Fax, Email Desktop scanners Custom Applications EHR, Line of Business Applications Office Printers

  3. The Common Thread

  4. HIPAA Compliant Use of Copiers in Healthcare
     • Compliance to HITECH Omnibus Final Rule
     • Ensure HIPAA Privacy Compliance
     • Ensure HIPAA Security Compliance
     • Provide for User Authentication
     • Provide for Access Control
     • Control the risk of scan to fax and use of analog fax
     • Control the risk of scan to email
     • Control the risk of scan to folder
     • Provide for Encryption
     • Robust Audit Trail for tracking and reporting

  5. HITECH-OMNIBUS FINAL RULES
     • Published in Federal Register – Jan. 25, 2013
     • Effective Date – March 26, 2013
     • Compliance Date – September 23, 2013

  6. HITECH - HIPAA OMNIBUS Rules
     Compliance Starts September 23rd 2013
     IMPACT:
     • Greater power to OCR – Office of Civil Rights
     • Tighter Security and Governance
     • Greater Fines, Civil Liability and Criminal Penalties
     • Greater Breach Notification Requirements
     • Privacy Rules and Security Rules
     • § 164.306 Security standards: General rules.
     • § 164.308 Administrative safeguards.
     • § 164.310 Physical safeguards.
     • § 164.312 Technical safeguards.

  7. HIPAA Omnibus Rule Compliance Date!

  8. Civil Monetary Penalties Compliance Starts September 23rd 2013

  9. Networked Copiers (AKA MFD or MFP)
     HIPAA Violations:
     • No Access Control
     • No Authorization
     • No Audit Trail
     • No Encryption
     • No copy of data sent

  10. HIPAA Compliance and Copiers in Healthcare
     HIPAA OMNIBUS Regulations:
     • Risk Assessment
     • Ensure Authorization
     • Control Access
     • Encryption
     • Track & Log Scan to Email
     • Track & Log Scan to Fax
     • Track & Log Scan to Folder
     • Minimize Disclosure
     • DLP – Data in Use Training
     • Access to Breached Data
     NSi Solution Set:
     • Vulnerability Assessment
     • Pin or Card Authorization
     • Access Control
     • 128 Bit and SSL Encryption
     • Scan to Email Audit Trail
     • Scan to Fax Audit Trail
     • Scan to Folder Audit Trail
     • Filter and conditional routing
     • DLP – Data in Use Training
     • Access to Information

  11. Secure Information Exchange™ Mainframes Production Printers Multifunction Devices (MFDs), Network Scanners Groupware & Collaboration Desktop apps EHR, or Content Management System Smartphones and Tablets File, Fax, Email Desktop scanners Custom Applications EHR, Line of Business Applications Office Printers

  12. Secure Information Exchange™ Line of Business Applications Network Folders Multifunction Devices (MFDs), Network Scanners Electronic Health Record Email Document Management Systems

  13. Vulnerability and Threat Assessment Scorecard
     Scan/Fax/Print System Risk Analysis
     • Can anyone (even a visitor) walk up to your MFDs and copy and/or scan?
     • Do you have the USB ports disabled to prevent someone scanning to USB devices?
     • Can anyone walk up to your fax machines and fax documents… anywhere, to anyone?
     • When your MFDs leave your building (i.e. end of a lease), is there any confidential data stored on the MFD?
     • Do your devices contain any sensitive network information stored on the device? Are device passwords yours?
     • When archiving documents, are you using a file format that allows for long-term preservation?
     • Is your scan and print transfer SSL encrypted?
     • Are you logging all fax, copy, scan, email activity from copiers and MFDs?
     • Has your organization invested in any DLP technology? If yes – how have you integrated this into your MFD architecture?
     • Do you have business processes that are unnecessarily complicated, with many error-prone touch points, where people print, fax, copy, scan, and mail – all within one process?
     • When people fax out a document, how do you know if they typed the wrong fax number? What measures have you implemented to mitigate this risk?
     • Do people leave and/or forget print jobs near the network printer?
     • Do people have the ability to email a document outside of your network? From an MFP?
     • Are you ensuring scan to email and scan to folder are HIPAA compliant? Authentication, Audit Trail, etc.
     • Do you have any ability to audit where scans and faxes are being routed in your organization?
     • Do you have all of your print devices standardized to print output paper face down?

  14. Authorization
     Identify users before they gain access to copiers and printers.
     • NTWK USERNAME/PSWD
     • PIN/PIC code
     • Card Authentication

  15. Access Control AutoStore Communicator Secure Fax to Pharmacy Scan to Billing Secure Patient Scan Secure Fax Secure Email Forms Printing User Interface varies by MFD manufacturer

  16. Secure Fax/Email/Folder with NSi AutoStore Notification or in Outlook Sent Folder Any Hospital Database with ODBC

  17. NSI Processing

  18. Folder/Email/Fax Audit Trails
     • Unique ID
     • Authorized User
     • Device IP
     • Device Name
     • Device Location
     • Time and Date Stamp
     • Intended Destination (email, fax number, folder)
     • Number of Pages
     • Path to Image on File Share
     Stores information in any Database using ODBC

  19. Data Loss Prevention (DLP)
     • Data at Rest (Physical Security)
     • Data in Motion (Network Security)
     • Data in Use (Operational Security)

  20. Data in Use – Complements DLP Software
     • OCR
     • PDF Attributes
     • Watermarking

  21. Data in Motion – Encryption
     • PDF Password Lock

  22. DLP – Data in Motion
     • No trigger found -> OK to send; store full audit trail
     • Invalid: filter triggered; email admin

  23. DLP – Data in Use AutoStore Communicator Secure Fax to Pharmacy Scan to Billing Secure Patient Scan Secure Fax Secure Email Forms Printing User Interface varies by MFD manufacturer

  24. Data Loss Prevention – Data in Use
     Please see related videos.
     • Secure Fax: Fax destinations can be limited to only approved numbers in a database.
     • Scan to Folder: Folder destinations can be limited to only those the authenticated user has rights to send to.
     • Secure Email: Emails are from the authenticated user, not from copier-A@hospital.com. The email will be in the user's SENT folder in Outlook. Email destinations can be limited to the hospital domain.

  25. Centrally Managed - Powerful & Flexible SQL DB DocuWare Fax Server Email Servers OnBase Oracle/SQL DB Central Data Center LOB\Hospital Applications EHR Systems Thousands of Devices

  26. MFD Out of the Box – Scan to Folder, Scan to Email or Scan to Fax could be a HIPAA Violation!
     MFP ONLY:
     • Send To Fax: Unsecure, no Audit Trail
     • Send To Email: Unsecure, no Audit Trail
     • Send To Folder: Unsecure, no Audit Trail

  27. MFD + AutoStore – HIPAA Secure
     MFP ONLY:
     • Send To Fax: Unsecure, no Audit Trail
     • Send To Email: Unsecure, no Audit Trail
     • Send To Folder: Unsecure, no Audit Trail
     MFP + AutoStore™:
     • Secure Send to Fax: Audit Trail
     • Secure Send to Email: Sent Folder & Audit Trail
     • Secure Send to Folder: Audit Trail
     • Authorization With & Without Cards
     • SSL Encryption Standard
     • Minimum Disclosure: Redaction Capability
     • Minimum Disclosure: Dynamic user displays
     • Breach Reporting: Keep copy of image
     • Centrally Managed: Low IT overhead
     • Full Audit Trail: Security & compliance

  28. HIPAA Compliance and Copiers in Healthcare
     HIPAA OMNIBUS Regulations:
     • Risk Assessment
     • Ensure Authorization
     • Control Access
     • Encryption
     • Track & Log Scan to Email
     • Track & Log Scan to Fax
     • Track & Log Scan to Folder
     • Minimize Disclosure
     • DLP – Data in Use Training
     • Access to Breached Data
     NSi Solution Set:
     • Vulnerability Assessment
     • Pin or Card Authorization
     • Access Control
     • 128 Bit and SSL Encryption
     • Scan to Email Audit Trail
     • Scan to Fax Audit Trail
     • Scan to Folder Audit Trail
     • Filter and conditional routing
     • DLP – Data in Use Training
     • Access to Information
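
An added example (not part of the presentation and not NSi AutoStore code) showing the destination restrictions from slide 24 applied to a scan job, with the result written as an audit record carrying the fields listed on slide 18. The policy values, function names, field keys and the extra "decision" field are assumptions made for illustration.

```python
import posixpath
import uuid
from datetime import datetime, timezone

# Constructed policy data (assumptions, not values from the presentation).
APPROVED_FAX = {"15555550100"}                 # approved fax numbers, digits only
ALLOWED_EMAIL_DOMAIN = "hospital.com"          # hospital domain, as on slide 24
USER_FOLDERS = {"jdoe": ["/shares/billing"]}   # folders each user may send to


def destination_allowed(user, kind, dest):
    """Return True only if the authenticated user may send to this destination."""
    if kind == "fax":
        digits = "".join(c for c in dest if c.isdigit())   # ignore +, spaces, dashes
        return digits in APPROVED_FAX
    if kind == "email":
        local, sep, domain = dest.rpartition("@")
        # Exact, case-insensitive domain match: rejects hospital.com.example.org
        return (bool(local) and "@" not in local and sep == "@"
                and domain.lower() == ALLOWED_EMAIL_DOMAIN)
    if kind == "folder":
        path = posixpath.normpath(dest)                    # collapse ../ first
        return any(path == root or path.startswith(root + "/")
                   for root in USER_FOLDERS.get(user, []))
    return False                                           # unknown job types are denied


def route_scan(user, device, kind, dest, pages, image_path):
    """Decide on one scan job and return its audit record (blocked jobs included)."""
    allowed = destination_allowed(user, kind, dest)
    return {
        "unique_id": str(uuid.uuid4()),
        "authorized_user": user,
        "device_ip": device["ip"],
        "device_name": device["name"],
        "device_location": device["location"],
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "intended_destination": f"{kind}:{dest}",
        "number_of_pages": pages,
        "image_path": image_path,
        "decision": "sent" if allowed else "blocked",
    }
```

Recording blocked attempts alongside sent jobs gives the audit trail a row for every mistyped fax number or out-of-domain address, which is what a later review would query.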
