Patient data safety: Don’t leave it to the laundry department!
Twice this spring, sensitive medical data from major New York hospitals were copied onto flash drives, exposing patient medical data to anyone who might find the drives.
These were not spent server hard drives or sophisticated backup drives. These were simple flash drives — the kind you can buy at the checkout counter for $5, or order in a box of 500 with your company logo on it.
Luckily for the University of Rochester Medical Center, the flash drive ended up in the medical center laundry, and the drive was rendered useless.
It is suspected that no one found the data before the drive was discovered in the wash. The drive held data from 537 patients, including name, date of birth, weight, gender, telephone number, URMC internal medical record number, orthopedic physician name, date of service, diagnosis, diagnostic study, procedure, and complications. This data was clearly covered under HIPAA and needed to be protected and secured properly.
Patient medical data at risk
Employees at Upstate University Hospital in Syracuse were not so lucky. Their portable electronic device ended up not in soapy water, but in the hands of a thief.
Data from 283 patients, including their names, diagnoses, and dates of birth, were left unsecured on a laptop, which was stolen from a hospital employee.
Hospital officials say there was no evidence any of the data was used by the thief, but patients were notified.
If doctor’s office receptionists need to worry about covering up the names of patients written on the sign-in clipboard, how much more vigilant must IT professionals be when keeping patient medical data safe? Well, much more!
Preventing patient data from being copied in the first place is a good idea. Enabling controlled user access to data stored centrally (and available via secure web access) would eliminate the need for staff to copy files onto laptops and flash drives.
Still, hundreds or thousands of laptops, mobile devices, flash drives and other loose media already contain such data. How can IT professionals convince busy physicians, surgeons, nurses and interns to comply with data safety regulations?
Why not make it as easy as tossing a device into a special “trash can”?
Onsite data destruction
Onsite data destruction is the best defense against loss of patient medical data from loose media, retired desktops, laptops, mobile devices, flash drives, and failed server hard drives.
At many hospitals, doctor’s offices and medical centers, students and interns make up a significant part of the skilled staff with access to medical data. Data destruction should be as easy as dropping drives, disks, and media into a secure bin on the way out the door. Even a resident running on four hours of sleep can do that!
Meet Tear-A-Byte®, TechR2’s solution to secure onsite data destruction. TechR2’s Tear-A-Byte® solution utilizes leading-edge technology, providing secure containment and onsite data destruction with our NSA-certified degausser.
For each project you will receive a serial number report and a certificate of destruction to store for future audits. This is critical in case of a suspected data breach. For state-funded institutions, it is even more critical to have a paper trail to prove your compliance with data security measures.
More complex jobs can take advantage of TechR2’s more advanced systems.
Are your hospital’s executives ignorant of the risks of data stored on flash drives, hard drives and other loose media? Be kind and inform them of recent court cases, and present simple and effective solutions such as the TAB®. Information about compliance with HIPAA and other federal guidelines governing data privacy can be found here.