Electronic Waste Management in Medical Facilities
Jan 20, 2016
When you have to constantly think about what waste goes into which container, it’s easy to get so absorbed that you lose the sight of other important things. You could be diligent in putting sharps in shutter-proof containers, but at the same time you might throw away a CD with a client’s tooth X-ray into the trashcan under your desk. If you know what’s wrong with this scenario, the word HIPAA has probably crossed your mind. Indeed, there are many other types of waste you need to worry about besides the bloody gauze and IV tubes. We’ve talked a bit in the past about HIPAA compliance during PHI disposal and best medical record keeping practices. But today we want to explore in more detail the types of electronic and computer waste produced by your facility and what to do with it.
Electronic and Computer Waste in Medical Facilities
Most medical facilities collect vast amounts of data about their patients and employees. From scheduled appointments to lab results and vaccination records, there are many kinds of personal information you gather and store in your facility. Thankfully, it’s not all on paper anymore like in the good old days, which also presents certain challenges.
In a typical medical facility, you may expect sensitive information to be stored on:
- Internal and external hard drives
- Portable USB drives and memory cards
- Zip drives and floppy disks
- CDs and DVDs
- Audio and video tapes
When these devices and the data on them are no longer needed, it’s important to make sure that they are unreadable. Not only is this required by law, but it’s also a common sense practice to prevent identity theft. This can be achieved in a few different ways.
Destroying Sensitive Digital Data
There a few secure ways to destroy sensitive digital data stored by your facility. Of course, the most secure way is total destruction by shredding, grinding or melting. Once that’s done, there is really no way to put the pieces back together and retrieve what was on the storage device. However, this approach is not always practical. Many times, digital storage devices can be recycled or reused in a different department within your facility. What do you do then?
Don’t Just Delete
You are probably familiar with the panic that sets in when you delete an important file by accident. But even after you put it in a recycling bin and empty the bin, the file is not really gone. It’s erased from the index, so you can’t connect to its location, but it’s still on the drive. With some knowledge and determination, the “deleted” information can be extracted from a storage device. Even if the hard drive appears “dead” and inaccessible, it is still not safe to just throw it in the trash.
Demagnetizing Storage Media
Magnetic media, such as hard drives, floppy disks and ZIP disks use magnetization to both read and record data on the device. Under the influence of a strong magnet, this magnetic field can be permanently impaired, so the storage media will be rendered useless. You will need specialized equipment to demagnetize (degauss) a hard drive or similar media—the regular household and even some commercial-grade magnets won’t work. Here is a video explaining how degaussing works.
Overwriting Storage Media
If you plan to reuse or recycle your device, you can overwrite it to erase all information on it. There is specialized software that can place a new layer of zeros and ones in place of your existing data, making it unreadable. For better security, several overwrites can be performed. Overwriting doesn’t put new information on top of the old one—it randomizes the patterns in which the data used to be stored. Once that’s done, you can install a new operating system or upload other types of files to your storage device.
Keep in mind that overwriting can be used only on re-writable media. For example, some CD and DVD disks can only be used once to record information. You can’t add any more files or delete files off such a disk. If you need this information erased, the media will have to be physically destroyed.
Other HIPAA Considerations
Get Secure Recycling Containers
If you are shredding paper or disposing of other types of sensitive data on your premises, consider placing this waste in secure, lockable containers. Dumpster diving for personal information is nothing new, and even finely shredded paper can be pieced back together with some effort.
Ask your medical waste removal vendor if they offer secure containers. At BWS, we carry several options of lockable containers and can even do the shredding for you at our secure facility. After the paper is shredded, we send it to a recycled paper mill or an incinerator, depending on your preferences.
Take Measures Against Hacks
It’s your responsibility to ensure the safety of your internal networks and protect digital information from hackers. Although there is never a 100% guarantee your databases or website won’t get hacked, there are some things you can do to reduce this possibility. Using secure servers, secure email and secure forms should be your first steps. Making sure each of your computers is equipped with an up-to-date anti-virus software is also important. This is a bit outside of our area of expertise, so talk to your webmaster or IT person to discuss your options.
And if you have questions or need help with electronic waste recycling or destruction, contact BWS. If you wish to donate your old computers, we can help you with that as well. BWS has partnered with a recycling facility that securely reuses old hardware to provide computers to Baltimore City Schools.
"I’ve been using Biomedical Waste Services, Inc. for nearly 20 years! I’ve had superior customer service since day one with no surprises on our invoices."
- Dr. Kim