Depth and breadth, in the two places that matter, are critical in choosing the right IT Asset Disposition (ITAD) provider for your healthcare organization. Where are the two places that matter? In mitigating any risk of confidential information exposure, data security is where you need a crystal-clear understanding of the depth of your ITAD provider's capabilities. And to reduce administrative burden and cost, evaluate your ITAD provider's breadth of assets processed, so that you don't need to set up and manage multiple partners performing the same services for different equipment.
Data security is the top priority for any healthcare organization, from hospitals to primary care physicians, and everyone in between. With the availability of Electronic Health Records (EHR), also known as Electronic Medical Records (EMR), it has never been easier to share patient information from facility to facility. But this new change also makes it harder to protect patient information under the Healthcare Insurance Portability and Accountability Act (HIPAA).
Under HIPAA, all patient healthcare records — including EHRs and paper forms — must be protected from theft or hacking. When consulting with ITAD providers, your first concern should be their data protection and data destruction methods. Ask a series of questions that really drill down into how they can best protect you:
You might ask, why the serialization of the data-bearing device? If your organization is audited, your goal is to provide maximum assurance of confidential information protection. More and more, it's no longer acceptable to simply demonstrate clear chain-of-custody records at the asset level. It's imperative to prove that the actual data-bearing device — the hard drive, for example — was properly sanitized or destroyed. To provide this comfort and prove contiguous chain-of-custody, ITAD providers should tie that hard drive back to its parent laptop, desktop, or server.
But laptops, desktops, servers, and other end user and data center equipment shouldn't be all that you utilize your ITAD provider for. Printers, scanners, copiers, blood glucose machines, and even vital sign machines can contain patient information. All these devices need to be properly sanitized or destroyed in accordance with HIPAA regulations. Some may be equipped with a data-bearing device that needs to be removed and shredded for data security measures.
Likely, your organization also has medical and lab equipment that needs to be properly dispositioned. To avoid onboarding another provider for facilities equipment, explore the breadth of your ITAD provider's processing capabilities before making a commitment. An ITAD provider with a dual specialty in the sanitization, refurbishment, and recycling of medical and lab equipment can provide additional convenience and efficiencies. Questions to ask include:
At Sprout, we partner with healthcare organizations to pack, transport, data-sanitize, refurbish, and recycle a wide range of equipment, including: