You secure patient data in your practice – password protected computers remain behind locked doors and you’ve encrypted your data. But how sure are you about your trash?
With 1.5 million medical identity theft victims in the U.S. yearly, it’s no wonder the Federal Trade Commission is so concerned about careless rubbish disposal.
The back door of a healthcare facility is a treasure trove for dumpster divers, and discarded electronic equipment is too often overlooked. Data loss and other health IT complications ranked 5th on the ECRI Institute’s Top 10 Health Technology Hazards for 2011, and yet many hospital personnel still aren’t aware that commonplace devices like photocopiers contain hard drives rich in valuable information.
With the advent of EHRs and health IT systems in healthcare facilities comes an outbreak of computers and electronic mobile devices, leaving patients expecting a higher degree of data security. Unfortunately, dated systems are piled up and forgotten, making these dumpsters a haven for restricted personal health files.
With that said, how can you ensure your practice is properly disposing of electronic equipment?
Reuse
If upgrades will no longer help your computer equipment perform its designated tasks, look for reuse opportunities within your organization. Many older systems are still very capable of handling basic administrative tasks. Keep in mind, however, that hospitals and practices should comply with HIPAA requirements for IT end-of-life management before deeming electronics fit for reuse.
You may also hire a responsible IT asset recovery partner to find a market for used equipment. Donating computers to non-profits like RECONNECT or the National Cristina Foundation is an equally viable option if the technology isn’t outdated and data has been properly sanitized, a process where all data is wiped but the OS remains installed. Moreover, computer donations to charities like Computers with Causes are tax deductible.
Practices should exercise this option with caution, seeing as many non-profits can’t afford to inspect each donation, so offering equipment sans a monitor or sufficient wiring isn’t advisable.
If these requisites cannot be met, recycling is recommended.
Recycle
When reuse is not an option, recycle or resell all computer equipment in accordance with federal, state and local laws. Wipe data in accordance with a National Institute of Standards and Technology or Department of Defense standard.
First, develop a comprehensive policy for disposal procedures and decide whether you want staff or an IT Asset Management and Disposal (ITAD) service provider to carry them out.
Next, dismantle electronic devices either manually or via mechanical destruction, leaving only component materials to be reclaimed and sent to their respective markets for final processing.
Remember that a responsible IT partner may charge a fee to properly wipe and dispose of all computer equipment, but should also offer indemnification for misuse of information or data leaks. Furthermore, ensure e-recyclers aren’t partaking in illegal practices, i.e., exporting hazardous waste overseas, which is prevented under the OECD and Basel Convention treaties.
Contact organizations like R2 Solutions to find a Responsible Recycling Practices (R2) and e-Steward-certified e-recycler for your hospital or practice. Ask about the state of their recycling facilities, worker safety regulations and HIPAA and RCRA compliance services before making a sensible decision.
How important is proper disposal of electronic healthcare equipment in preventing data misappropriation?