HP Security Platforms Enable Access Control for Printing of Patient Data

HP has added new security features in its access-management services to protect patient data at the hospital printer or scanner.

Hewlett-Packard is offering new features for its access-management security services to allow health care providers to meet Health Insurance Portability and Accountability Act requirements.

Its Access Control service allows health care personnel in areas such as admissions, nursing stations and records departments to secure access to patient information at printers and scanners.

Users will need to enter an LDAP before printing, copying or scanning. The printer then authenticates back to a network's Active Directory, which matches the user's credentials.

The upgrade to Access Control is one of several new developments HP announced Sept. 10 as it looks to develop a security practice for its managed services.

Access Control offers print authentication, auditing, authorization, accounting and secure "pull" printing capabilities. The latter allows organizations to print to a network and access a document from a smartphone or other devices. This method reduces the amount of unclaimed documents at printers, HP reported.

Pull printing capabilities are scalable across an organization, according to HP.

Although HP has offered Access Control for three years, the company is now concentrating the product on verticals, such as health care, Michael Howard, HP's worldwide security practice lead for managed services, told eWEEK.

"Health care is growing in a tremendous way," said Howard.

Along with that growth comes a need to protect patient information as concerns about security grow in health care and other industries.

Access Control allows health care providers to meet Health Insurance Portability and Accountability Act (HIPAA) requirements by allowing them to control and manage access to printers. It works with electronic health record (EHR) applications to authenticate the identity of those employees printing patient information.

"A lot of hospitals are already using HP Access Control but just integrating tighter with their [EHR] systems," said Howard.

The product allows health care providers to keep an audit log to track who's scanning, copying and printing protected health information (PHI), HP reported.

HP also announced that Imaging and Printing Security Assessment allows health care providers to meet HIPAA requirements by identifying risks of data breaches from data leaks. Avoiding data breaches is an area of focus in health care as the industry suffers from underinvestment in security.

Access Control can analyze unattended documents and track data processing from computers to print devices to make sure data doesn't leak to unauthorized health care workers.

The product can currently authenticate users on HP printers, but HP is planning to expand this capability to other manufacturers' devices, said Howard.

To use Access Control, health care providers can insert a smart card or proximity card into the printer.

"Access Control allows you to enter in your password info on a display panel or scan one of your badges," said Howard. "That authenticates who you are and makes the decision on what you're allowed to do on your device. Once it knows your identity, it releases the document."

The tool sits on top of the HP Imaging and Printing Security Center application, which streamlines the deploying and monitoring of devices with a single security policy.

Security Center offers password protection and allows health care facilities to secure printers, establish a security policy and track documents.