Businesses in the healthcare industry collect a lot of sensitive data from their patients, including their billing information, Social Security number, and medical history. Healthcare businesses are expected to comply with the Health Insurance Portability and Accountability Act (HIPAA), which outlines how data must be protected after it has been collected. But unfortunately, many healthcare companies are making mistakes that could leave their confidential data exposed. Here are some of the most common data storage mistakes in the healthcare industry:
Storing Devices in Unsafe Locations
Confidential data is often acquired through hacks, but it doesn’t have to be. Sometimes, the data can be obtained simply by stealing the device that holds it. This is a risk that every healthcare company must plan for, but unfortunately, many of them fail to do so. Businesses within the healthcare industry should never keep data-containing devices in storage rooms that any employee or customer could easily access. If computers, laptops, tablets, and other devices are stored in unsecured locations, there’s no telling who will gain access to confidential data.
This is one of the most common data storage mistakes, but it’s also one of the easiest to fix. If you currently have these devices in a storage room, the room should be locked and only a handful of employees should have access to it. However, the best way to handle devices that are no longer needed is to dispose of them with the help of an e-waste recycler instead of letting them stay on-site.
Failing to Identify Devices With Data
Healthcare professionals often fail to identify which devices contain confidential data that needs to be protected. Everyone knows that devices such as laptops, smartphones, and desktop computers can hold data, but there are other devices that are often overlooked in the healthcare industry. For example, many healthcare professionals do not know that data can be found on copy machines and printers that contain hard drives. Any document that is copied or printed using one of these devices can be found on the hard drive. Other devices that are used solely in the healthcare industry, such as medical imaging tools, can also store data that needs to be protected. But if healthcare professionals do not realize that these devices store data, they won’t make an effort to ensure they are secure.
Storing Devices For Too Long
Some healthcare businesses get in the habit of putting all their old devices into a storage room and forgetting they exist. But this is not a good idea. You should never keep data-containing devices in storage for an extended period of time. The longer these devices sit in storage, the more likely it is that someone will gain unauthorized access to them. The best way to protect the data is to destroy it using a reliable ITAD vendor. Review your business’s current policy to determine if you are keeping devices in storage for too long before having the data destroyed. The sooner you can get rid of the devices that you no longer need to operate the business, the safer the data will be.
Some professionals within the healthcare industry may think they are doing their part to protect data by overwriting it so no one else can access it. But that’s not the case. Overwriting data is not an effective—or HIPAA compliant—way to destroy data. Anyone who is somewhat tech-savvy can easily recover the data that you believe is destroyed, so this should not be part of your data storage and destruction strategy.
Failing to Teach Employees About the Importance of Protecting Data
Senior-level employees may understand how important it is to protect data, but it’s very likely that other employees do not. Lower-level employees are typically the ones who work with patients and input their data, which means they need to know about data storage. If an employee who works with data on a regular basis does not know how to keep data secure, the business’s confidential data is at risk. These employees may use passwords that could be easily guessed, leave their log-in information written down somewhere for others to see, or remain logged in at their computers even when they are not present. If any one of these mistakes is made, your data could fall into the wrong hands. Take the time to train each and every employee on the importance of protecting customers’ data so they understand it is part of their job to follow best practices. Employees should understand what they need to do in order to comply with HIPAA, so this should be the main focus during the training.
Forgetting to Secure Wireless Networks
Many healthcare businesses are operating on wireless networks, but these are often targeted by hackers. To protect data that can be accessed through these wireless networks, healthcare businesses need to ensure they are using the most up-to-date technology. Outdated routers are easier to hack, so they should never be used in a business environment. Healthcare professionals also need to check their settings to make sure that unauthorized devices cannot gain access to the network. The password on this network should be changed on a regular basis and should not follow any type of pattern. For example, the password should not be March123 during the month of March and April123 during April. Keeping these networks secure is an important part of protecting the confidential data that you have stored.
ERI works with clients in the healthcare industry on a regular basis, so we understand their unique data storage and destruction needs. For more information on recycling your electronics, or to request a quote for your company, contact us today.