Whether or not you support the growing use of Electronic Health Records (EHR) to help physicians manage their patients and support their treatment, there is no doubt that the practice is reshaping how healthcare professionals do their jobs. These systems are connecting doctors with their patients in new and expanded ways. But that connection comes with greater risks of inadvertently exposing patients’ records to the world.
It has become a fact of life that personal information is “out there” and needs to be protected for the entire life cycle of the devices that store that information.
Electronic Health Record (EHR) and Electronic Medical Record (EMR) systems, and the healthcare providers that use them, have similar responsibilities, in that EHRs and EMRs store and manipulate patient records. They include information about a patient’s illnesses and treatments. All of this and more is considered Personally Identifiable Information (PII).
Healthcare providers and systems are being hit with cyberattacks at a growing rate, much like other industries that hold personal records. In 2021, 578 healthcare systems reported a data breach of some kind. This impacted the records of over 41 million patients. A healthcare system and its members have a greater responsibility when it comes to privacy.
Ever received a notice that your healthcare equipment is at or near the end of its life?
Unlike many industries, the healthcare industry actually has rules and regulations regarding the protection of PII, including in the end-of-life replacement of electronic devices. The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers to ensure that data is removed and destroyed from a hospital or medical facility’s electronic devices before they are replaced or recycled. This includes devices that most wouldn’t realize could store medical records:
- Computer components
- Electrocardiogram machines
- EKG monitors
- Imaging equipment (e.g., X-ray, CT Scanners, MRI)
- Phone systems
While the requirements are in place, not all healthcare IT departments or outsourced recycling companies are aware of the requirements or how to effectively and responsibly recycle electronic waste (eWaste). Healthcare facilities have to be cognizant of the requirements, as well as the capabilities and expertise of the people and companies charged with eWaste recycling in their facilities.
A certified eWaste disposal facility is a proven partner for healthcare facilities in equipment disposal.
A recycler certified in eWaste disposal knows the steps required to keep PII inside a healthcare facility, and not resting in recycled equipment that could wind up in an auction. There is also the opportunity for additional transparency in the process when dealing with an experienced eWaste recycler.
Safe and effective eWaste recycling has an impact on the protection of personal information. It is part of the financial industry, as well as other industries, but nowhere is it more important (and more regulated) than in the healthcare industry. For these reasons, healthcare facilities that employ EHR and EMR technology, from doctors’ offices to hospitals, must plan for equipment end-of-life recycling. It is a task that cannot be left up to chance.
Mayer Alloys Corporation, in partnership with OmniSource Electronics Recycling, an R2 Certified Recycler, provides peace of mind that you are disposing of your organization’s electronic waste safely and responsibly. All electronic waste is recycled in an R2 Certified facility. All hard drives are destroyed, and Certificates of Destruction are provided. For more information about electronic recycling check out our Ultimate Guide To Corporate Electronic Recycling and reach out to firstname.lastname@example.org for more information. Contact us today to see how we can meet your needs!