Archive for the ‘R2/RIOS’ Category

One easy solution for Hospitals to comply with HIPAA

Over the past several years, advances in technology for medical and lab equipment have been exploding, rendering new-ish, cutting-edge equipment obsolete, often before there is time for wear and tear. So where does the out-of-network technology go when it's taken its last breath to make room for the even more cutting-edge equipment? There are solutions for keeping all this metal and plastic out of the waste stream while complying with the regulations set forth by HIPAA.

In addition to medical equipment, hospitals also generate other types of electronic waste, such as out-of-use computers, monitors, copy machines and a host of other items referred to as e-Waste. Most importantly, these types of electronic waste require secure handling of the sensitive data contained on their hard drives and other data-containing devices.

Photo by renjith krishnan

Hospitals do seem to be cognizant of the piles of unneeded apparatus, and do make attempts to find solutions for proper disposal. Many turn to asset re-sellers, who buy out-of-use equipment and sell it on the secondary market. But is it safe to give these materials to uncertified vendors who may not comply with HIPAA regulations?

It is crucial that hospitals turn to certified, secure electronics recyclers who can handle all of the different types of e-Waste and can destroy the data contained on electronic devices in line with the standards set forth by R2/RIOS, as well as those set forth by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

What is HIPAA? In 1996, the Health Insurance Portability and Accountability Act, or HIPAA, was endorsed by the U.S. Congress. The HIPAA Privacy Rule, also called the Standards for Privacy of Individually Identifiable Health Information, provided the first nationally recognizable regulations for the use and disclosure of an individual’s health information. Essentially, the Privacy Rule defines how covered entities use individually identifiable health information, or PHI (Personal Health Information). Hospitals and health care facilities of all kinds must comply with these regulations.

Hospitals must consider their large amount of electronics waste and examine secure, safe solutions for handling all of these out-of-use assets. Hospitals need to look for a vendor that offers secure and certified IT Life Cycle Management services and also offers strategic solutions for the handling of off-network technology.

If you are looking for a certified, safe solution to properly and securely dispose of ALL of these different types of e-Waste, turn to PCS of Massachusetts. They are skilled in handling the vast amounts of e-Waste generated by hospitals, and provide secure on-site destruction of hard drives and other data-containing devices, while also offering effective and strategic asset re-marketing solutions.

PCS is R2/RIOS certified and meets/exceeds the regulations put forth by not only HIPAA, but also the Department of Defense (DoD), Environmental Protection Agency (EPA), National Security Agency (NSA) and the National Institute of Standards and Technology (NIST).

DON’T BE A 20/20 INVESTIGATION

The last thing you want is to have David Muir ringing your doorbell because an employee left a laptop at Starbucks. This is how data breaches can start, and you are left holding what’s left of your reputation in a paper bag.

Did you ever consider how much information is on your cell phone, iPad and laptop? Think about all the hardware in your office that also contains sensitive data. What happens to it all when you upgrade your hardware? Are PCs stuffed into closets, or are they donated without giving thought to the information on the hard drives? If you are part of a corporation or government office, one discarded, geriatric computer could mean utter destruction of your reputation and revenue.

Fortunately for us, there are measures we can take to make sure your data is safe after electronics have worn out their use.

“R2/RIOS™ certification is solely for electronics recyclers to demonstrate to customers that electronics equipment is being recycled with the highest standards for environmental protection, worker health and safety, and data privacy, and facility security. R2/RIOS™ is a combination of the Responsible Recycling (R2) Practices and the Recycling Industry Operating Standard™ (RIOS™).

R2 was developed by a broad-based cooperative of electronics recycling stakeholders that included the U.S. Environmental Protection Agency (EPA), state governments, manufacturers, recyclers, trade groups and non-governmental organizations. RIOS™ is the sole program on the market that combines quality, environmental, health and safety requirements in a single management system.”*

The National Institute of Standards and Technology (NIST) has also developed guidelines for data destruction and e-Waste security to protect your name from being added to this list.

NIST 800-88 Hard Drive Destruction/NIST 800-88 Data Destruction Guidelines: This document assists organizations in implementing proper and applicable techniques and controls for hard drive data disposal. Even the Internal Revenue Service follows the guidance set forth by NIST. Along with NIST, the National Security Agency (NSA) and the Health Insurance Portability and Accountability Act (HIPAA) also uphold strict regulations.

Compliance requires more than simply shredding or erasing hard drives. Proper reporting is required under NIST 800-88. The following information is only a portion of the guidelines set forth by the National Institute of Standards and Technology.

Wiping: “Wiping” a hard drive refers to using specialized software to purge a drive of all accessible data. The upside to this method is that the device is still usable after the process because nothing has affected the hardware.

The downside is that wiping software cannot be guaranteed. The process is lengthy, tedious and open to human error.

Degaussing: Degaussing involves a process where a hard drive is exposed to a high-powered magnetic field, which changes the alignment of the magnetic domain where the data is stored, thus “erasing” the data.

When functioning properly, the process can be effective. However, this process is lengthy and also affected by human error.

Shredding: Shredding is the safest and the most secure option for data destruction because the hard drive or device is physically shredded into tiny particles.

The benefits of shredding? The process is fast and final. You can choose to watch it happen either in person or by video, so you can be assured that all your items have been properly disposed of. Afterwards, you will get a certificate of destruction.

Although there are different options for handling your data destruction needs, shredding is the only fail-safe solution to guarantee that your sensitive information never ends up in the wrong hands.

*R2/RIOS