An often overlooked policy is how companies dispose of equipment. If you are a covered entity (you take insurance and/or Medicare), a financial professional, or you work with a covered entity, you MUST think about this. Many breaches occur because managers ignore or forget to secure information before sending equipment out the door.
So what do we need to consider?
- Is the protected information encrypted?
- Do you have a backup of the data, in case you ever need it again?
- Can the hard drive be removed and kept until it can be destroyed on premises?
- Is the equipment going to be recycled or donated to another company, and can you get a certificate of destruction?
These questions can be part of a procedure that is taught to your staff. The goal is to show that you are taking reasonable steps to protect patient information and make it hard for an auditor to show your staff was negligent.
So, the next time you need to replace your computers, make sure no protected data is exposed, get documents in place to protect your business and information, and HAVE a policy that applies to computers, laptops, tablets, phones, copiers and any device capable of holding protected information.
Make sure to ask someone for help if you have questions. We are available at 512-336-2970.
Luis Delgado is a father, husband, community resource, speaker, and entrepreneur who founded The Critical Update, inc (TCUINC) in 2003. TCUINC is a technology consulting firm that has evolved from basic computer support to affordable technology consulting, network management, outsourced IT and cybersecurity. Our clients come from every industry in Central Texas.
Luis is a certified HIPAA professional and is focused on helping business owners create more jobs for Texas families.