Learning the Hard Way About Your Hospital’s Hard Drives
It happened on October 31, 2017. An employee at the Chilton Medical Center in Pequannock, New Jersey stole and sold a hospital hard drive containing almost 10 years of stored patient information, including patients’ names, dates of birth, addresses, allergies, medications and medical record numbers.
Although hospital hard drives typically also contain Social Security numbers, financial information or descriptive medical records, this specific stolen drive did not. Even so, Pequannock Police Department Captain Christopher Depuyt explained that any time there is a compromise of personal information, whether something small and local or on a grander national or international scale, the number one concern is identity theft.
“Any bit of information is a potential for a problem for someone regarding identity theft,” he said. “But then start compounding it – putting one, two, three pieces of information together, and a good scammer or a good hacker will just weave that together and before you know it someone is bilked out of sometimes lots of money.”
This is especially true when the information from a hospital’s hard drives is combined with individuals’ personal information already available on their public social media pages. The results can be incredibly compromising.
“All of those things contain personal information, and those are all bits and pieces of things that criminals can use to put together a dossier and a profile on someone to commit some kind of theft by fraud.”
Of course, the Chilton Medical Center had a policy that prohibited employees from tampering with or stealing hard drives and offered as much recovery response as was possible for their patients whose information had been compromised.
But are you prepared for such a worst case scenario?
Guarding Your Patients’ Information on Hard Drives
In the healthcare industry, you collect a large amount of protected health information (PHI) from your patients. It’s part of the process. You work to safeguard that information according to HIPAA guidelines and other regulations, but what happens to the physical documents and hard drives once you’re not using them anymore?
Considering the position that the Chilton Medical Center found themselves in after this egregious breach, it would be wise for you to take a close look at how you dispose of your own documents and hard drives after they’re no longer in service. The risks are too great for any delay in protecting your patients’ information!
Safeguard Your Hard Drives’ Data
As Captain Depuyt explained, bits and pieces of collected information can create a trail towards identity theft and fraud. Therefore, it’s important that you ensure the complete and total destruction of documents and hard drives that contain any level of personal information.
Identity theft is not something to take lightly… especially when it can be traced back to your hospital! That’s why it’s important to go the extra mile and partner with a document and hard drive destruction company that is also dedicated to the highest level of compliance.
The secure destruction company you choose should be familiar with and abide by all federal regulations for the various industries that require that proper security measures be taken with customer, corporate and patient information, including:
- Fair and Accurate Credit Transactions Act (FACTA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Sarbanes-Oxley (Public Company Accounting Reform and Investor Protection) Act
- Gramm-Leach-Bliley (Financial Services Modernization) Act
- Payment Card Industry Data Security Standard (PCI DSS)
Avoid Issues by Asking Questions
Before partnering with a reputable destruction service, you should be confident that they will work hard to ensure that your data will not be distributed, stolen or recovered after you choose to dispose of it. Be prepared to ask pertinent questions regarding security protocols before signing on the dotted line:
- Can destruction be completed on-site? If not, how will your hard drives be securely transported to the destruction facility?
- Upon arrival at the facility, how long are your items likely to remain there awaiting destruction? Will they be inventoried and stored in a locked, monitored area?
- Are employees thoroughly screened? Is the facility monitored around the clock?
- What destruction methods will be used? Degaussers? Shredders? Disintegrators?
- What proof will you have that items were actually destroyed? Will the destruction of your items be logged and certified in writing?
Ask lots of questions…
Contracting with a local company like Secure Destruction in Huntsville and Birmingham is your first step towards protecting your hospital, your reputation, and your patients. To request a FREE QUOTE, contact the experts at Secure Destruction today!