
You have upgraded your office equipment – now what?

Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.

It is important to realize that many of the devices in your office may contain patient information, even after you are no longer using the devices. Information can be stored on hard drives and in memory on circuit boards, and if the information finds its way into the wrong hands, you have a HIPAA violation.

A high-profile case involved the resale of photocopiers that contained huge amounts of patient information. That event happened in 2010, and in 2013 Affinity Health settled the case with the Office for Civil Rights for $1.2 million. That event was featured on CBS News.

What devices do you have in your office that may contain patient information?

  • Fax machines
  • Printers
  • Copy machines
  • Imaging machines (such as ultrasound)
  • Computers
  • Laptops
  • Tablets
  • Removable hard drives
  • Flash drives
  • Your cell phones

Yes, even your cell phones! If you have texted back and forth with patients or have taken clinical pictures with your cell phones, they will contain protected patient information. So the question becomes: what do I do with these devices?

Hard drives that are in good working order can be wiped with Department of Defense grade software. You can do this yourself, but then you are taking on the full responsibility of doing this right. The best way to dispose of old electronics is to use an R2 certified electronics recycling vendor. An R2 certified vendor is a vendor that is certified for security and proper destruction of your electronics. In this manner, nobody will ever be able to use one of your devices to get access to patient information. A visit to the EPA website provides information on R2 certified recyclers.

An R2 certified recycler will:

  • Guarantee the destruction of data on all media using industry-standard practices. If you have sensitive data, the best way to destroy it is by device (for example, by hard drive), leveraging the serial number of the device. With this methodology, you will receive a serialized Certificate of Destruction.
  • Demonstrate compliance with all applicable standards for environmental protection, data security, and human health prior to certification.

Due to the number of devices that you have in your practice and the amount of data that may be present on those devices, data destruction may no longer be a do-it-yourself project. If you have a knowledge of IT and have the time and resources, you can still clean all PHI off these devices yourself. If you do not have all the tools you need, it is probably in your best interest to contract with an R2 certified electronics recycler, get a HIPAA Business Associate Agreement, and then send all of your retired electronics to that company. It may also be in your best interest personally to send your personal electronics to an electronics recycler. This way you will also protect yourself from identity theft.

It is important to remember that healthcare breaches cost organizations $6.45 million per breach, the highest cost per breach for nine years in a row. The average cost per breached healthcare record ($429) is more than double that of any other industry. (Source: IBM 202 Cost of a Data Breach Report, https://www.ibm.com/security/data-breach)

In healthcare, we are at the center of the data security storm, and the sooner we bring our policies and procedures in step with industry standards, the better protected we will be from becoming a victim of a HIPAA data breach. For more information on how to improve your policies and procedures and to get started on a HIPAA Security Program in your office, please reach out to TLD Systems at http://www.tldsystems.com or call (631) 403 6687.



Michael Brody, DPM
Dr. Brody has been actively involved in computers and medicine since the 1980s. He is a Residency Director at a VA hospital located in Long Island, NY. Notably, he was present as the VA moved from paper records to computerized records. During this time, he was exposed to the stringent rules and regulations that government employees must adhere to when protecting patient information. He co-founded TLD Systems with Warren Melnick to create a platform that gives doctors who wish to work in private practice a cost-effective method of implementing HIPAA compliance in their practices in a manner that does not interfere with their ability to practice medicine. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-chair of the EHR workgroup at Health Level Seven International (HL7).
