While health reform has increasingly encouraged hospitals to adopt digital workflows and EHRS, paper has hardly gone away. It is still heavily utilized at most facilities for patient records, billing, and other documents.

HealthCare Business News spoke to Dan Waldinger, Director of Services and Solutions Marketing at Brother International, about the compliancy challenges that hospitals face when using paper documents in an increasingly digital health care industry.

HCB News: What have you heard from health care organizations who are trying to maintain compliance of both digital and physical records?

Dan Waldinger: It’s a real challenge for medical offices, clinics, group practices, administrative services providers, and hospitals of all sizes. While there are many efforts to ensure EHR systems are better able to “talk” to each other and to other health information systems, the day-to-day experience is still rooted in paper and in the need to print, copy, scan, and fax paper documents. Health care organizations need to be mindful of how they deploy office devices to minimize the risks created through non-compliance.

HCB News: When we think of potential compliance lapses, like stolen laptops, accidentally shared records, and data breaches, come to mind. But printers and scanners can also put health care organizations at risk if not properly utilized, correct?

DW: Absolutely. Consider this: A patient’s file needs to be printed out, but the physician or nurse who initiated that print job is suddenly diverted before retrieving those records. The documents sit on the printer for anyone to see. Another common compliance lapse revolves around paper files being scanned to the network or cloud with the originals left in the device. Granted, everyone is human – and things happen in a busy medical practice - but these compliance errors can be preventable.

HCB News: What can health care organizations do to prevent innocent lapses in compliance?

DW: It’s critical to have very clear policies in place to ensure documents are not left unprotected and they are only seen by approved staff. Such policies and procedures aren’t cookie-cutter, though. They should be tailored to the organization’s size, scope and personnel. HIPAA and HITECH aren’t one-size-fits-all regulatory regimes either. Best practices for data privacy and security demand attention to the specific operating environment of each and every health care provider.

More Voices