When visiting a hospital or health care organisation, one is not always in the position to query the security of their most private records. The exchange of personal information between patient and healthcare workers must be transferred in detail as to ascertain the patient’s condition and to deliver the appropriate treatment. We expect that this information held in electronic format will be handled in a secure format right up to the end of life of the data storage systems (computers/ servers).
This expectation of privacy and security, combined with legal and ethical obligations, is why government health care agencies rightly allocate considerable resources to develop policies and put into practice procedures that safeguard the vast amount of protected health collected.
Unfortunately, media reports and industry studies suggest that health information data breaches are increasing in frequency, seriousness, and economic impact in the UK; one can assume that the threats to data security in the Irish industry require monitoring. The results of the 2011 Second Annual Benchmark Study on Patient Privacy and Data Security support this trend. Conducted by the Ponemon Institute, a privacy think tank, participants representing 72 health care organizations reported that the top three causes of data breaches in health care organizations are familiar ones — lost or stolen media, third-party oversight, and human error — and ones that IT personnel already strive to eliminate.
When recycling your ICT equipment, be sure to use an authorised e-waste management and data destruction partner that will assist with your organisations computer disposal and asset disposition requirements. Non-compliant computer recycling may lead to equipment leaving your premises containing readily accessible data that could leave your agency vulnerable to a data breach threat.
Checklist before choosing an authorised recycler for computer disposal & data destruction:
Ensure that waste contractors hold a valid waste collection permit.
- i. Obtain a copy of their waste collection permit.
- ii. Check that each waste contractor is permitted to carry the waste concerned from your Local Authority (EWC – European Waste Catalogue codes for waste should be stated on the waste collection permit).
- iii. Check that the vehicle registration used to carry waste is listed on waste collection permit.
Check that data destruction is done so by CESG approved equipment (destruction to military grade)
Check that you will receive a recycling certificate and data destruction report detailing destruction methods
Ensure that all appropriate documentation – C1 form if required is completed before the hazardous or risk waste leaves site.
Ensure your waste is being taken to a licensed facility for processing i.e. processing/treatment facility.