Computer Disposal — Healthcare Top 3 Data Breaches

When visiting a hospital or health care organisation, one is not always in a position to query the security of one's most private records. Personal information must be exchanged in detail between patient and healthcare workers in order to ascertain the patient's condition and deliver the appropriate treatment. We expect that this information, held in electronic format, will be handled securely right up to the end of life of the data storage systems (computers/servers).

This expectation of privacy and security, combined with legal and ethical obligations, is why government health care agencies rightly allocate considerable resources to develop policies and put into practice procedures that safeguard the vast amount of protected health information collected.

Unfortunately, media reports and industry studies suggest that health information data breaches are increasing in frequency, seriousness, and economic impact in the UK; one can assume that the threats to data security in the Irish industry require monitoring. The results of the 2011 Second Annual Benchmark Study on Patient Privacy and Data Security support this trend. In the study, conducted by the Ponemon Institute, a privacy think tank, participants representing 72 health care organizations reported that the top three causes of data breaches in health care organizations are familiar ones — lost or stolen media, third-party oversight, and human error — and ones that IT personnel already strive to eliminate.

When recycling your ICT equipment, be sure to use an authorised e-waste management and data destruction partner that will assist with your organisation's computer disposal and asset disposition requirements. Non-compliant computer recycling may lead to equipment leaving your premises containing readily accessible data that could leave your agency vulnerable to a data breach threat.

Checklist before choosing an authorised recycler for computer disposal & data destruction:

Ensure that waste contractors hold a valid waste collection permit.

  • i. Obtain a copy of their waste collection permit.
  • ii. Check that each waste contractor is permitted to carry the waste concerned from your Local Authority (EWC – European Waste Catalogue codes for waste should be stated on the waste collection permit).
  • iii. Check that the vehicle registration used to carry waste is listed on the waste collection permit.

Check that data destruction is carried out using CESG-approved equipment (destruction to military grade).

Check that you will receive a recycling certificate and data destruction report detailing destruction methods.

Ensure that all appropriate documentation (a C1 form, if required) is completed before the hazardous or risk waste leaves the site.

Ensure your waste is being taken to a licensed facility for processing, i.e. a processing/treatment facility.
