October 03, 2025
3 Hidden Risks in Healthcare Print Management
Sarah Beale
Safeguarding protected health information (PHI) is mandatory for every healthcare company. HIPAA compliance depends on it. However, not every organization gives consideration to a potential cybersecurity and physical security threat to PHI—their printers. In July, we partnered with MedCloudInsider to show the risks that healthcare IT leaders may be overlooking, featuring Vasion Director of Public Sector Sales Steve Kelley and The TechChannel Partners' Results Group Senior Resultant Howard M. Cohen. Among other risks, they discussed the problems with print infrastructure, how unreliable critical print can delay patient care, and why legacy print systems hinder future HIPAA compliance. The entire presentation is available below (cookies must be enabled to view video).
Loading...
#1 Print Infrastructure Can Expose PHI
According to the HIPAA Journal, the PHI of over 276,775,457 people was exposed or stolen in 2024. Certainly not all of that was due to printing, but there are two major ways that printing can expose PHI.
Print Servers
As Howard pointed out, regardless of whether data is siloed in a healthcare company, it still regularly passes through a print server whenever anyone needs to print anything. This means that if the print server is breached, anything that’s been printed via that print server could potentially be exposed. “This makes print servers the one place cyber thieves, cyber criminals love. Most cyber criminals love print servers,” Howard said. “They love printers because that's where they can enter into networks.”
Lack of Physical Security for Print
Howard presented a scenario during the presentation where someone prints a document, but then gets a phone call. While they’re on the call, the document is sitting on the printer, unguarded. Even if the person who printed it doesn’t forget to pick it up, anyone walking by could take the document or look at it. This type of physical security is also covered by HIPAA law, requiring that healthcare companies implement practices that prevent these kinds of exposures.
#2 Inability to Print Can Delay Patient Care
We may live in a rapidly digitizing world, but paper certainly hasn’t disappeared. This is readily apparent in healthcare settings where patients fill out paperwork to check in, doctors consult paper charts, and care instructions are printed for patients about to be discharged. If printing stops, it may require troubleshooting from the IT team. Every minute of troubleshooting delays care when a provider is waiting on a printout and, in a hospital setting, those minutes can be the difference between life and death. Print also puts pressure on clinical staff members who are already overworked. Even something as simple as refilling the paper tray of a printer takes time.
A second category of printing that healthcare relies on is label printing. What happens when a patient needs to be admitted and the hospital can’t print wristbands? Or if a pharmacy needs to prepare a prescription, but can’t print the label for the bottle? These both cause delays which can also lead to adverse outcomes for patients.
#3 Legacy Systems Hinder HIPAA Compliance
In January, the Department of Health and Human Services (HHS) issued a proposed rule to improve healthcare data security. Organizations hoping to remain HIPAA compliant will have to comply with the updates. “This means that yes, Health and Human Services will be increasing regulatory scrutiny of the cybersecurity practices of healthcare organizations,” said Howard. “You can be guaranteed if you felt HIPAA was stringent yesterday, just wait for tomorrow.”
Legacy devices are ill equipped to meet modern cybersecurity standards. These devices don’t provide visibility into potential print security events and don’t allow users to proactively monitor and respond to threats. They also lack thorough audit trails and control to ensure printed information is properly protected. With HIPAA violations potentially costing up to $1.5 million in a year and possible jail time, healthcare leaders need to get ahead of their print management problems now.
The Key to Print-Related Healthcare Data Security
HIPAA compliance can’t be completely solved through technology. In fact, it’s not quite accurate to describe a cloud print management system as HIPAA compliant, as Howard pointed out. “HIPAA does not certify products. You, the client, have to be HIPAA certified. They have to certify your organization, your function as being compliant with HIPAA regulations. Now, there are products that help you achieve HIPAA compliance, and there are products that don't help you and they're actually products that hinder you. But the products themselves, no, they're not HIPAA compliant.” So, what do those products that help you achieve compliance look like?
Full Audit Trails
A full audit trail will track who has access to and printed PHI. During the presentation, Steve specifically pointed out the auditing capabilities of Vasion Print. “Now, part of [HIPAA] enablement is we have full audit and tracking of every print job, no matter who printed it, who picked it up and when it was printed out and which device it was printed to.”
Data Encryption
Data that’s being printed isn’t always encrypted, making it an appealing target for cyber criminals. In Vasion Print, data is encrypted both in transit and at rest. Steve also pointed out that removing print servers from the equation offers further data protection. “When a user clicks file print, it's going to go from that workstation directly to the printer,” he said. “So [Vasion doesn’t] have access to that data, which is great from a PHI and HIPAA compliance perspective, but also means if we go offline or our service wasn't available or couldn't be connected to, printing is still successful.”
Physical Data Security
The earlier example of printing a document, then getting distracted by a call is one example of a common problem. How do you ensure that documents are only collected from printers by people who should have access to the information? The Vasion Advanced Security Add-on includes Secure Release Printing, which only sends a print job to the printer when the user is standing at the printer and inputs a code, scans their badge, or releases the job on the app. Users can also delegate the job to someone else, maintaining security while allowing another authorized person to collect the printout.
Real-World Examples
Saber Healthcare manages print across over 125 locations. When they began looking for a print management system, they needed a scalable solution that could handle a highly distributed print environment. Vasion Print met their needs and the Advanced Security Add-on went a step further. “Secure Release Printing will make it easier for us to be compliant with the PHI and HIPAA regulations,” said IT Senior System Engineer Adam Dishong. “Like every company, we’re looking to save costs and limit the amount of printers that we have onsite. By having security features to protect patient information, we’ll be able to reduce the size of our fleet and ask end users to walk around the corner to pick up their print job.”
Fortunately, these solutions also save time and money. Our user-friendly self-service portal lets employees easily install printers on their own without needing to call IT. Another customer, Kingston Healthcare, was printing nearly 300,000 pages monthly and had 15 print servers. When PrintNightmare hit, it exposed the security risks of print servers and the company began looking for alternatives. Using Vasion Print (at the time, PrinterLogic) they no longer have to maintain print servers, saving the company $70,000 annually. Beyond eliminating print servers, the company also eliminated over 500 hours each year in IT time that they used to have to spend fixing print issues.Avoid Print Management Risks
Advanced print management software helps healthcare companies manage HIPAA requirements, both for cybersecurity and physical security. Protecting sensitive information is more manageable with print management solutions. To stay ahead of future requirements, organizations need to start looking at upgrading their print infrastructure now. Explore Vasion Print for yourself and see how you can use our security features to enable HIPAA compliance.