HIPAA Copier Setup for Medical & Dental Offices

Your office prints, scans, and copies protected health information (PHI) every day. Patient charts. Insurance forms. Lab results. Referral letters. Every one of those pages passes through your copier, which means your copier is a HIPAA concern whether you have thought about it that way or not.

In 2010, Affinity Health Plan was fined $1.2 million by the Office for Civil Rights. A CBS News investigation had found their PHI on the hard drives of copiers they had leased and returned without sanitization. Since then, copier-related HIPAA violations have continued. Most of them are preventable with a setup that takes about an hour.

This guide walks you through what HIPAA actually requires for copiers. We cover the specific configuration steps that get a practice compliant. We also cover the questions to ask your copier dealer before you sign a lease.

Quick answer: what HIPAA requires for your copier

  • There is no “HIPAA-compliant copier” out of the box. HIPAA compliance is about policies, configurations, and processes, not equipment.
  • Your copier dealer is a business associate. You need a signed Business Associate Agreement (BAA) with them.
  • The hard drive in your copier stores PHI. It must be encrypted, image-overwrite enabled, and properly sanitized at end of lease.
  • User authentication is required. Anyone who can use the copier should have a PIN, badge, or login.
  • Scan-to-email must be encrypted in transit using TLS.
  • End-of-lease drive sanitization must follow NIST 800-88 standards with a written certificate of destruction.

The rest of this guide explains each of these and what to do about them.

Why this matters

HIPAA violations are not theoretical. The Office for Civil Rights (OCR) investigates and fines covered entities for PHI exposure all the time. A single breach can cost a practice tens of thousands to millions of dollars in fines. Add the cost of breach notification, credit monitoring for affected patients, and reputation damage in your community.

Copier-related breaches are particularly bad because they are preventable. When OCR investigates and finds your copier was set up wrong, they will not give you the benefit of the doubt. The standard they apply is what a reasonable, prudent practice would have done. If “reasonable and prudent” means encryption, BAAs, and proper sanitization, and your practice did not do those things, you are exposed.

The good news: getting your copier HIPAA-aligned is mostly a one-time setup conversation with your dealer. Once it is done, you do not have to think about it again until the lease ends.

The 7 HIPAA requirements that apply to your copier

1. Business Associate Agreement (BAA) with your copier dealer

Why this matters: Your copier dealer’s technicians service the machine. They may pull hard drives for repair, retrieve diagnostic logs, or access stored documents during troubleshooting. Any vendor who could access PHI is a business associate under HIPAA, and you must have a signed BAA with them.

What to do: Before signing a lease, ask the dealer for a HIPAA Business Associate Agreement. A good dealer for medical practices has one ready. Read it before signing.

Where people get this wrong: They assume the lease contract covers HIPAA. It does not. The BAA is a separate document.

2. Hard drive encryption

Why this matters: Modern copiers store images of everything they scan, print, or copy. If the drive is not encrypted and someone removes it from the machine, every PHI document the copier has ever touched is recoverable.

What to do: Ask your dealer to confirm in writing that the copier’s hard drive is encrypted with AES-256. On Canon and HP copiers, this is usually a setting in the admin panel that needs to be turned on. It is often off by default.

Where people get this wrong: They assume encryption is on because the brochure mentioned it. Encryption being available is different from encryption being enabled.

3. Image overwrite

Why this matters: When a print or scan job finishes, the temporary file should be overwritten with random data so it cannot be recovered. This is separate from encryption.

What to do: In the copier’s admin panel, enable “immediate image overwrite” (Canon) or “secure erase” (HP). Most copiers can also run a periodic overwrite of all free space.

Where people get this wrong: They confuse this with a factory reset. A factory reset does not overwrite the drive. Recoverable data stays on the drive after a factory reset.

4. User authentication

Why this matters: HIPAA requires you to restrict access to PHI to authorized personnel. If anyone in your office can walk up to the copier and scan a patient chart to any email address, you do not have access control.

What to do: Enable user authentication on the copier. Options include PIN codes, proximity badge readers (the same ones for your office doors), or login from the copier’s touchscreen.

Where people get this wrong: They turn authentication on but use a single shared PIN for the whole office. That defeats the purpose. Each user needs their own credential so the copier’s log shows who did what.

5. Secure print release

Why this matters: Without secure print release, a doctor sends a patient summary to the copier from their workstation. They walk down the hall to pick it up. By the time they get there, someone else has grabbed the wrong stack and walked away with PHI.

What to do: Configure “secure print” or “follow-me print” so that print jobs sit in a queue until the user walks to the copier and authenticates. The job only prints when the right person is standing in front of the machine.

Where people get this wrong: They install the feature but never train staff on it. Staff keep using regular print because it is faster, and the documents keep landing in the open tray.

6. Encrypted scan-to-email

Why this matters: When the copier emails a scanned document, that email travels across the internet. Without encryption, anyone monitoring traffic can read it. Sending PHI in an unencrypted email is a HIPAA violation.

What to do: Configure scan-to-email to use TLS 1.2 or higher. Your email server has to support TLS on the receiving end too. If you use a HIPAA-compliant email service (like Paubox, Hushmail for Healthcare, or a properly configured Microsoft 365 with encryption add-on), the encryption is usually already there.

Where people get this wrong: They set up scan-to-email with the cheapest configuration the dealer offered and never check whether TLS is actually being used.
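One way to actually check, as an added example rather than anything from this guide or Pahoda's own tooling: a small Python script your IT contact can point at the SMTP relay entered in the copier's scan-to-email settings. It reads the relay's EHLO reply, confirms STARTTLS is advertised, and refuses to negotiate anything older than TLS 1.2; the relay hostname is supplied on the command line, and any reply text you feed the parser directly is your own constructed sample.

```python
"""Verify that a scan-to-email SMTP relay offers STARTTLS and negotiates TLS 1.2+."""
import smtplib
import ssl
import sys

# Protocol names as returned by ssl.SSLSocket.version(); anything else fails the check.
ACCEPTABLE_TLS = {"TLSv1.2", "TLSv1.3"}


def parse_ehlo_reply(raw_reply):
    """Extract extension keywords from a raw multi-line EHLO reply:
    '250-STARTTLS' continuation lines, '250 HELP' last; the first 250 line is the greeting."""
    lines = [l for l in raw_reply.splitlines() if l.startswith("250") and len(l) > 4]
    return {line[4:].split()[0].upper() for line in lines[1:]}


def assess(extensions, tls_version):
    """Return a list of findings; an empty list means the relay passed."""
    findings = []
    if "STARTTLS" not in extensions:
        findings.append("relay does not advertise STARTTLS")
    if tls_version is None:
        findings.append("no TLS session negotiated")
    elif tls_version not in ACCEPTABLE_TLS:
        findings.append(f"negotiated {tls_version}; TLS 1.2 or higher required")
    return findings


def check_relay(host, port=587, timeout=10.0):
    """Live check: connect as the copier would, upgrade with STARTTLS, report what was negotiated."""
    ctx = ssl.create_default_context()            # also verifies the relay's certificate
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0/1.1 outright
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        extensions = {k.upper() for k in smtp.esmtp_features}
        tls_version = None
        if "STARTTLS" in extensions:
            try:
                smtp.starttls(context=ctx)
                tls_version = smtp.sock.version()
            except ssl.SSLError as exc:
                return [f"TLS handshake failed (relay may only offer pre-1.2 TLS): {exc}"]
    return assess(extensions, tls_version)


if __name__ == "__main__":
    # usage: python check_relay.py <relay hostname from the copier's scan-to-email settings> [port]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 587
    print(check_relay(sys.argv[1], port) or ["OK: STARTTLS offered, TLS 1.2+ negotiated"])
```

Run it from a workstation on the same network segment as the copier, since the copier's route to the relay (for example, an on-premises mail gateway versus a hosted service) is what determines whether the hop carrying PHI is encrypted.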

7. End-of-lease drive sanitization

Why this matters: This is what got Affinity Health Plan fined $1.2 million. When the copier leaves your office at end of lease, the hard drive goes with it. If the drive is not properly sanitized, every PHI document on it goes too.

What to do: Get end-of-lease sanitization language in your lease contract before you sign. The standard to ask for is NIST 800-88, which is what HHS guidance points to. Specify that you want either physical destruction of the drive or cryptographic erase with a written certificate of destruction.

Where people get this wrong: They wait until end of lease to ask. By then, they have no negotiating power and the dealer may charge $200 to $500 for proper sanitization, or worse, not do it at all.

Where most practices get this wrong

They buy a copier without thinking about HIPAA first. The dealer quotes them a machine, they sign, and only later does the office manager realize HIPAA never came up.

They sign the lease but not the BAA. The lease is the legal document for the equipment. The BAA is the legal document for PHI handling. You need both.

They configure one or two of the seven items and assume they are compliant. HIPAA is not a checklist where 4 out of 7 is a passing grade. Every requirement that applies to your practice needs to be addressed.

They train the new copier user but skip the existing staff. Anyone who touches PHI on the copier needs training on secure print release, scan-to-email, and authentication. The dealer should provide this at install.

They never document the configuration. When OCR investigates a complaint, they ask for documentation. “We have encryption on” is not enough. You need a written record of which settings are enabled, when they were set, and who set them.

Benefits of getting this right

When your copier is set up correctly for HIPAA, you get:

  • Audit-ready documentation. If OCR investigates a complaint, you can produce a written record showing reasonable safeguards were in place.
  • Real breach protection. Encryption, authentication, and sanitization actually prevent PHI exposure, not just paper over it.
  • A defensible position with patients. If you ever have to send a breach notification, having strong safeguards in place affects how patients and regulators perceive the incident.
  • A copier you can trust. Your staff can focus on patient care instead of wondering whether what they just scanned is going somewhere safe.

What to do before you lease your next copier

  1. Pull together your HIPAA Security Officer or compliance contact. They need to be part of the copier decision.
  2. List every place PHI flows through your office. Patient charts, lab results, insurance forms, referral letters. Anything that touches a copier is in scope.
  3. Request the dealer’s BAA in advance. Read it before signing the lease.
  4. Ask the dealer to walk you through the seven settings above. Get written confirmation each one will be configured at install.
  5. Negotiate end-of-lease sanitization language with NIST 800-88 standards and a written certificate of destruction.
  6. Document the configuration. Keep a written record of every HIPAA-related setting and when it was enabled.
  7. Train your staff at install and again annually. Document the training.

Where to find more information

For the official OCR guidance on copiers and medical equipment, search “OCR copier guidance” on HHS.gov. The Federal Trade Commission also published a “Copier Data Security” guide that is worth reading.

We covered the general copier security risks in Why Office Copiers Are a Hidden Cybersecurity Risk. The HIPAA-specific layer adds the BAA requirement, the documentation requirement, and the OCR enforcement context, but the underlying technical settings are the same.

How Pahoda helps medical and dental practices

Pahoda has been writing copier leases for over 20 years. We sell and service Canon and HP copiers nationwide, and we work with medical and dental practices regularly. We understand both the equipment side and the compliance side.

When you lease a copier through Pahoda for a covered entity, here is what is included:

  • Business Associate Agreement signed at lease start. Standard for every healthcare customer.
  • All seven HIPAA-related settings configured at install. Encryption, image overwrite, authentication, secure print release, encrypted scan-to-email, and audit logging.
  • Written configuration record. You get a document showing exactly which settings are enabled, signed by our technician.
  • Staff training at install and annual refresher training if you want it.
  • End-of-lease sanitization to NIST 800-88 standards with a written certificate of destruction. No surprise fees.

If you are a medical, dental, or other covered entity and you want a copier setup that is HIPAA-aligned from day one, request a quote here. Tell us roughly how many providers you have and what kind of volume you print. We will send a written proposal in one business day with the BAA included.

Patient trust depends on the systems behind your practice. Your copier should be one of the systems that earns that trust, not one that puts it at risk.

This article is for general information only. It is not legal or compliance advice. HIPAA compliance involves more than copier configuration. Talk to your HIPAA Security Officer or a healthcare compliance attorney about your specific practice.
