BMN Blog

APR 03

According to the Ponemon Institute – www.ponemon.org – the average cost of a data breach was $3.62 million. This breaks down to $141 per stolen record. International Data Corporation – www.idc.com – estimates that global data storage will grow ten-fold to a total of 163 zettabytes (a zettabyte is a trillion gigabytes) by 2025. Data is stored on a vast range of devices, including smartphones, laptops, notebooks, workstations, tablets and even smart TVs. Most businesses focus on the technical aspects of avoiding data breaches (firewalls, anti-virus, security patches, etc.), while how physical technical assets are destroyed at the end of their life is often overlooked or has no set process in place.

What happens to a company’s technology assets is rarely at the top of anyone’s list, but it should be. The fines and cleanup tasks for losing or misplacing equipment, or for having someone steal it or dumpster dive to recover ePHI, are similar to those for a network breach in which a hacker gains access to data. The “Wall of Shame” – https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf – does not differentiate between types of breaches other than to state generally how they occurred.

What needs to be done to ensure that we have protected our data when we destroy our technical equipment?

Do you have the proper documentation in place to record all items that have been disposed of? It is very important that both the processes used for destruction and the items disposed of are properly recorded. This documentation is essential should an issue arise.

  • Your company policy book needs to clearly state the process that must be followed for technical equipment destruction.
  • You should either have access to (if you use a vendor for destruction) or maintain an electronic or paper log of each device that is disposed of. It should contain the serial number of the device(s), the date of destruction and how destruction occurred.    

Do you have the ability to securely dispose of data storage on site at your clinic? Most often the answer to this is no. Secure destruction is done by various means:

  • Hard drives from computers and laptops are formatted – Just formatting a drive will NOT remove the data on it. To remove the data, special software must be used that “scrambles” it so it cannot be recovered. This process is typically used when the equipment or drives will be reused or donated to charity, as it leaves the device functional.
  • Destruction of the hard drives – This is done by various means and usually encompasses drilling the drives (with a drill press) and then crushing them. By doing both, destruction of the drives is assured and the data that resides on them cannot be reconstructed.
  • Drive shredding – This is almost certainly done by a company that specializes in technical equipment destruction. The machine is similar to a wood shredder – in goes the drive and out come hundreds of little pieces.

It can be a daunting task to document the processes used to destroy technical assets effectively and safely. There are a variety of IT service companies and disposal companies that focus on secure destruction in the greater Birmingham, Montgomery and Huntsville areas that can help you with this.
