By 2006, every small or large healthcare company – doctors to insurance companies – had to come into compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). One of the important functions of HIPAA is to protect all of a patient’s sensitive health information.
To do this, patients have to sign paperwork giving permission for a doctor or other medical professional to discuss a patient’s health with anyone else. As more practices and offices switch away from paper records stored in filing cabinets, electronic devices now contain years of health records. The files on these devices must be kept secure at all times.
When electronics are outdated or no longer being used, those responsible for following HIPAA policies may want to have them recycled, donate them to schools, or reuse them somewhere else. HIPAA 164.310(d)(2)(ii) has clear rules on this, too. All HIPAA-protected health information must be completely removed before a device is reused. You think of computers as one of the items protected by HIPAA. What are some of the unconventional ones?
Five Unconventional Electronic Devices Used in Medical Offices That Are Protected by HIPAA
Data protection is important, but it’s overlooked in some situations. These are five devices that people don’t often think of as holding patient information, and where overwriting data isn’t enough protection. HIPAA compliance requires data to be destroyed, not overwritten.
#1 – Digital/Video Recorders
Surgeons use digital and video recorders to keep track of things that occur during surgery. These recordings can later be transcribed and added to a patient’s electronic files. Videos are often used to teach medical students if a patient has given his or her permission. HIPAA regulations set time limits on how long a video or voice recording can be stored on an unsecured device or memory card. When the recordings are no longer needed, the devices and memory cards must be recycled in the correct manner.
#2 – Holter (Cardiac) Monitor
Holter monitors record heart function for a specified time period. Most digital monitors record a patient’s private information along with the ECG information. After a patient is done using it, the information must be wiped from the unit. Overwriting the ECG records is not enough.
#3 – Medical Imaging Equipment
X-rays, EKG machines, ultrasound equipment, and other medical imaging machines can save patient information directly on the machine. While files will be transferred to electronic medical records, private information may remain on the machine. It must be removed before the machine is reused.
#4 – Fax Machines
Fax machines are not uncommon in an office, but some people don’t realize they can store images that have been scanned. Information is saved in a fax machine’s hard drive. If you send a fax machine for reuse in another office or building, there may be sensitive files stored in the hard drive that others could steal.
#5 – Pagers
Pagers are still around in many hospitals. They may seem antiquated at this point, but they’re helpful in getting doctors to a specific room in a hurry. While they can be handy, they are also problematic when it comes to HIPAA compliance.
In 2018, a person was using his antenna to get a better TV signal on his computer screen. Instead of accessing the TV channels he wanted, he started getting a feed of patient information that included the patient’s name, doctor’s name, patient’s age, diagnosis, and level of care. This information was out there for anyone to pull in with just an antenna. Other patient records were also visible. Suicide risks, drug overdoses, and alcoholics’ records were all available through unencrypted text.
Read About These HIPAA Violations
The case where the man was reading pager texts is just one example of HIPAA violations that happen from unsecured or improperly recycled medical electronics.
Healthcare data breaches are skyrocketing. Between 2011 and 2018, the Journal of the American Medical Association reports that they increased by 70 percent. While many are the result of hacking, errors on the part of healthcare employees can also cause these breaches.
In the fall of 2018, an internet outage at seven VA care centers prompted management to allow staff to access medical records on their personal devices. While it’s unknown if any patient files were saved to phones, the directors insisted the staff never would do this. Regardless, government officials called it a serious breach of HIPAA regulations and asked for the directors involved in the decision to be fired.
Hire Professionals to Handle HIPAA-Compliant Electronics Recycling
Make sure you’re in compliance with HIPAA laws by using a certified electronics asset disposition service. ERI Direct specializes in recycling and shredding electronics that contain personal information. Scanners, fax machines, and storage devices are just a few of the items we can recycle. If you have questions or want more information, call 1-800-ERI-DIRECT.