Shred-it Calls on Healthcare Leaders to Make Sure Patient Information is Secure
"Healthcare administrators selling or disposing of used photocopying machines may inadvertently do so without removing and securely destroying the hard drives that contain private medical information," says Vincent R. De Palma, President and CEO at Shred-it, a company that serves over 1,500 hospitals and clinics worldwide.
In fact, more than 60 percent of Americans do not realize that copiers contain a hard drive that stores images, according to a recent CBS report. In the healthcare environment, information stored within copier hard drives may include personal patient data.
Releasing this sensitive information to unauthorized third-party organizations or individuals is a privacy violation and an information security threat that can potentially lead to identity theft and fraud. It is also a direct violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, which includes provisions safeguarding the privacy of patient health records.(1)
Shred-it's special offer of free copier hard drive destruction to every healthcare organization in the U.S. that signs a Customer Service Agreement and becomes its client in 2010 addresses this issue and raises awareness of the importance of destroying all sensitive information that is no longer needed, in both electronic and paper form.
"At Shred-it, our mission is to help organizations protect the privacy of their clients' information. Our message to healthcare leaders is - when it comes to protecting the confidentiality of your patients, the best medicine is prevention, and the best prevention is physically destroying sensitive information that is no longer needed. Our 'shred-all' policy extends to paper-based and other information sources, such as copier hard drives."
Sensitive medical information, exposed by a security breach, may be used by unauthorized parties to obtain medical treatments, benefits and prescription drugs or to tap into the victim's insurance and bank accounts. The World Privacy Forum estimates the number of medical identity theft victims to be between 250,000 to 500,000 people each year.
In the healthcare organizational context, the cost of a security breach can be dire, including the pain and frustration of the loss of privacy, time, money and, in some cases, health, if a patient is misdiagnosed and receives wrong medical treatment as a result of fraudulently altered medical records.
Common security risks in the healthcare context include:
To prevent these incidents, Shred-it has a number of information security recommendations for the healthcare sector:
-- Copier hard drives, laptops, external storage drives and back-up devices and other sources with sensitive medical information stolen, misplaced or not destroyed securely when the information is no longer needed -- Confidential paper documents disposed of in recycling boxes or garbage bins. -- Patient records faxed to the wrong place -- Plastic hospital patient cards misplaced or stolen -- Medical information erroneously posted on the Internet -- Medical files left unattended in file rooms, on staff desks and in door folders; or unrestricted physical access to sensitive medical files
You May Also Like