Recently, we’ve been blessed to partner with healthcare networks that have placed their trust with ER2 in handling their asset disposal, but more importantly, their sensitive data.
While people have been focused on the news of breaches that involve their financial data, they tend to forget about their medical record data, which poses a much larger threat. In fact Forbes reported that in 2016 there were nine times more medical records breached than financial, representing 27 million people, or 10 percent of the population. It makes sense: financial data allows criminals to steal your money, but medical records are even more rich in data, giving crooks access to you and your entire family’s information, including social security numbers, addresses, demographics and insurance information.
So, as vigilant as we are with every piece of equipment we receive that contains data, our health care customers are governed by standards that demand additional consideration. This in turn impacts of all of our processes involved from the moment we touch their devices to the time they are received and the data destroyed at our secure sites.
What does secure destruction in the health care environment look like?
It Starts with Personnel
Every person that is charged with receiving, transporting, and handling data-containing equipment undergoes background checks, are fingerprinted, have undergone and passed NAID training and possess a thorough understanding of requirements through HIPPA, which is health care’s overreigning standard-bearer for patient privacy.
We may be ahead of the game as well, as the Lean philosophy we started ER2 with charges all of us to be better through continuous improvement. Customers in healthcare are welcome as it reminds us that there is no “good enough” and that no matter how routine a process is, we must constantly evaluate how we implement and execute our processes to troubleshoot and eliminate any potential mistakes or waste. Our employees, therefore, always have a keen eye to what will add value to our customers, and in the case of healthcare, what will also add a measure of confidence.
We also help our partners succeed by working with their personnel to adopt practices and processes that will set them up for a successful transfer when we arrive at their doorstep. We’ve made it our commitment to focus on health care clients because of the special sensitivity and care needed with their devices. As much as we review our plans, we seek to review the plans of our partners’ IT departments to protect them as part of our desire to be responsible to them.
Continue with Accountability
Every step of the ITAD process is documented, and the added layers of healthcare compliance requirements demand that we stay current and keep our customers abreast of where their assets are once they leave their possession.
We maintain membership and certifications with NAID, and are OSAS 18001, ISO 14001 and ISO 9001 compliant. Beyond that, our certifications include compliance with NIST standards, and those specified by HIPAA and HITECH, the Sarbanes-Oxley Act, the Gramm-Leach-Billey Act and others. These certifications apply not just to our people, but our facilities that store data-containing equipment, our trucks, and the bins that contain assets to ensure that they are locked and secure, with a chain of custody plan in place before a pick up is ever begun.
Our dedication to transparency and accountability has brought the development of our customer portal, which allows our ITAD customers to see the progress after we’ve picked up their assets. They can also access needed documents like certificates of recycling and certificates of destruction at any time.
The portal will also give customers a level of reporting that allow them to measure progress of their asset disposition, its value, and its meaning for the communities that will end up benefiting from the resale of their refurbished equipment.
Maintain and Ensure a True Sense of Partnership
The healthcare industry is no doubt challenging with regard to the disposition of electronic assets, and it’s not likely something that every ITAD company can tackle. We’ve just chosen to make this segment a focus of our partnerships to help them continue to make a positive impact on the community and environment. We admit, it’s not easy work, but we embrace it as a privilege to work alongside our healthcare partners for the greater good.