Healthcare Information Security

HIPAA and Compliance News

Why virtualization doesn’t mean the end of paper-based risks

By Kyle Murphy, PhD

- Virtualizing health information systems allows healthcare organizations and providers to mitigate the risk that sensitive patient data is stored locally and therefore made vulnerable to unauthorized access. “As they virtualize, it gives the doctor the convenience of a desktop without the security risk because when they log out of a workstation or move from one station to another, the session is following them but not any of the actual data itself,” says Aaron Fu, Vice President of Software Development at UniPrint, a developer of printing virtualization solutions.

Despite its ability to increase the ease of use for providers, virtualization introduces a new problem as roaming clinicians are still tied to a physically tethered piece of hardware located throughout their organization that is of serious importance to them — the printer. “Virtualization gives them more security. But at the same time, with that it is hard enough for the medical application to know exactly where the doctor is,” argues Fu.

Although the healthcare industry is going virtual, providers still need to print. These printing jobs can range from medical records and clinical summaries to prescriptions and lab orders. As a result, current virtualization tools only solve one half of the problem and do not safeguard against unauthorized access caused by incorrectly routed or recovered printing project. “It always a concern in terms of information being printed and not being picked up by the right people or left on the printer,” observes Fu.

“If you have a situation where the application works perfectly fine because it’s run locally,” he continues, “but as they virtualize the session now roams and the medical applications are not capable of knowing that that session has moved from zone 1 to zone 2. So when the doctor prints something, it went to the wrong printer and now there’s a big panic.”

According to Fu, the solution to this problem comes in the form of secure pull printing in which clinicians print to a private cloud where the print job is printed virtually, stored, and ultimately retrieved by an authenticated (i.e., authorized) recipient at a printer of their choosing.

While this would seem to provide resolution, getting physicians and other medical staff to add another step to their clinical workflows proves to be somewhat of a challenge. “On the other hand, it’s also a more complicated way than doctors may like,” he explains. “They want to walk over and the job is printed and they pick it up. It defeats that purpose.”

So what’s keeping healthcare organizations and providers from completely eliminating the need for physical printing? Why not move to a purely virtual environment leveraging mobile and peripheral devices?

“The digital world is obviously meant to avoid printing anymore, but obviously that’s not happening or it takes longer than you think,” says Fu. “As mobile devices become a phenomenon — that is, everyone has one in his pocket — then maybe printing to my pocket or tablet becomes something real. Obviously, we’re looking at all of this, but it’s not a reality yet. Not everybody has an iPad or iPhone or smartphone so that we can use it for releasing or displaying a print job. It will still be a lot of time before everybody will be able to take advantage of it.”

Were healthcare as industry more fully equipped to support a paperless environment, then the risks of paper-based health data breaches would be a thing of the past. “We are doing everything we can, but the adoption rate really depends on how well the user are getting into the digital world,” concludes Fu.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...