The ABC Guide to Secure Printing
We did the secure printing demo at the HIMSS New Orleans this March. For the upcoming HIMSS AsiaPac 2013 in HongKong, we will again demo extensively on the secure printing solution with VMware Horizon View. This blog will share the design concept and why you should care about secure printing for HIPAA compliance.
Secure Printing allows a user to print a document, which is not immediately sent to a printer, but sent to a secure print queue. At a subsequent time, the user may release the document to be physically printed through a variety of signal mechanism, i.e. MFP printer menu control or proximity card two-factor authentication (2FA) dongle attached to network based printers.
Within healthcare, secure printing is a necessary feature, especially within the constraints of HIPAA. Because patient data is not to be available to any person except designated care givers, leaving patient documents sitting on a printer exposes healthcare businesses to liability.
To support HIPAA, Print Jobs must be logged to include:
- Print job submission need to show date, time, user and, if possible, application and document name;
- Print job release event;
- Print job error and/or resubmittal;
- Print job success;
- Print job deletion;
- Print job moved to storage;
- Print job moved to different owner queue.
We will talk about the technical architecture and design flow on “Print Job Creation” and “Print to a Print Job” in the next “The ABC” blog series.
There are many secure printing solutions including JetMobile, ThinPrint, and PrinterLogic etc which are compatible with Horizon View Client-Agent communication model. Here is a little story from JetMobile to walk you through “the day in a life” of a print job.
VMware View and Jetmobile SecureJet: A Short Story
Dr. Anderson had a very busy day at the hospital. That night he worked from home to catch up on paperwork. Although he was able to remotely access his desktop to work on patient charts, he was not able to print. He could have easily printed to a printer at the hospital, but the documents would have printed and been left on the output tray unattended. He couldn’t risk violating HIPAA policies and exposing patient charts by printing without physically being present to retrieve the documents. He would have to wait to print until he returned to the hospital the next day.
Upon arriving at the hospital, Dr. Anderson realized his preferred printer was being serviced. He couldn’t use the nearest printer down the hall, because he didn’t know the IP address or printer name. Unfortunately, the printer on the cardiovascular floor was the only one he was sure of, but it was also very far away.
Reluctantly, Dr. Anderson sent his document to the printer on the cardiovascular floor. After 139 paces, two left-turns, one right-turn and a short elevator ride to the 4th floor, he finally arrived at the printer…and somebody else was printing. This was a big problem because that ‘somebody’ was printing a 200-page document. Dr. Anderson was going to be waiting awhile.
After a very unsatisfying lunch, Dr. Anderson returned to the cardiovascular floor to retrieve his document. To his surprise, his document was not at the printer. His mind raced. Did it print? Did it get thrown away? Did someone take it? The document he printed was very confidential. Dr. Anderson now found himself in an ethical dilemma. Not to mention, he was potentially in a lot of trouble because the document he printed contained personally identifiable information for some of his patients.
On his way to report the incident, Dr. Anderson pulled out his tablet to write some notes for later. His notes were automatically sent to his smartphone and synchronized with his office computer. He couldn’t help but ask himself, “Why can’t my print jobs follow me wherever I go, just like my notes?”
Dr. Anderson’s story represents a common problem. Desktop virtualization software from VMware has significantly increased mobility, convenience and efficiency in the workplace. With virtualization in place, users are no longer concerned with where, when or how to access their desktop. However, desktop virtualization can further complicate the task of printing documents. A user may move between floors throughout the day easily accessing their desktop as needed. Eventually, a time will come where printing is necessary. When selecting ‘Print’, the user will be faced with all sorts of printer options that could look something like this:
It may be that the user has been at the organization long enough to have memorized one or two of the most ‘reliable’ printer names, but the challenge is that the list will change every time it is accessed from a different workstation. Printers can also be moved, so an IP address or printer name can be misleading or unreliable. It is also possible users may learn to navigate the challenges associated with printer-location awareness, but may run into problems keeping documents confidential, or print to a device that is in use or out of order.
Fortunately for Dr. Anderson and the entire mobile workforce, virtualization now extends to the printing environment. Jetmobile’s SecureJet Enterprise allows a user to print anywhere, from any device in the building. SecureJet eliminates location awareness by utilizing a single print queue. Remember that long list of available printers? With SecureJet, no matter what desktop you are printing from, it will look like this:
The user doesn’t have to remember the printer IP address, printer name, or where the printer is located. Users can already access their desktop from any PC workstation. Why not be able to print from anywhere too?