The vast amount of sensitive information stored on your computers could be a risk for your business — and for your patients. Keep everyone safe with secure disposal procedures.
The vast amount of sensitive information stored on your computers could be a risk for your business — and for your patients. Keep everyone safe with secure disposal procedures.
Your dental practice contains a wealth of confidential information that is required for the daily support for your patients: financial data for payments and insurance, health-related items such as X-rays and photos as well as personal information including Social Security numbers, home and billing addresses, legal names of relatives and more. With personal information selling for up to $1,000 per record on the dark web, this data is a treasure trove for hackers that are not afraid to get their hands dirty looking through discarded electronic devices such as floppy drives, CD-ROMs, computers and even thumb drives or other storage devices.
Correctly destroying and then recycling these materials can help save your dental practice from the liability associated with improperly discarding dental electronics. The Department of Health and Human Services (HHS) requires that dental practices and other healthcare-related entities take all reasonable actions to address the final disposition of electronic PHI from any type of hardware or electronic media on which it was stored. Securely recycling these electronics helps reduce the possibility that your organization could be affected by a costly data breach, too.
Recycling used technology such as servers, routers and computers is not a topic that comes up every day in dental offices, so it may be unfamiliar to some IT teams. Whether or not your electronics have been used to transmit or store protected health information, it’s vital to follow the correct procedures to recycle your aging electronics. This is because there are any number of dangerous substances that can be released into the atmosphere when you destroy technology and these are all items that should not be placed into a standard landfill. According to Dr. Stacey K. Van Scoyoc, chair of the Council on Dental Practice, “Be aware that states may have more restrictive rules for the disposal of non-hazardous materials with requirements beyond what is found in the EPA’s rule so it’s prudent to review your state’s specific requirements to determine whether they’re more stringent than those at the federal level.”
Of course, the need to protect the environment is half the reason dental practices need to be so incredibly careful with their patient records that could be stored on aging electronic devices. HIPAA government regulations require that computers and other technology — including training requirements for those individuals that are involved in the destruction of records and hardware — are quite strict and should be diligently followed or you risk future liability for your practice. Even if records are completely unreadable and you think that the devices have been rendered unusable, it’s best to ensure that your dental electronics are certified as destroyed by a qualified entity. You can learn more about the various regulations around HIPAA and HITECH security and the protection of confidential patient records on the American Dental Association’s website.
Disposing of biological waste is something that dentists are quite familiar with, but getting rid of technology that might contain electronic Protected Health Information is a different story altogether. Let the professionals at NOVA Computer Solutions help create a process that works for your dental practice, providing you with peace of mind knowing that you will be fully HIPAA and HITECH compliant with your technology recycling strategy. Contact NOVA at 703-493-1796 to schedule your free initial consultation or to learn more about the various services that we offer for dentists. As IT support specialists that focus on dental practices, we have years of experience helping your team navigate complex government regulations, compliance and reporting requirements.