Are you protecting Patient healthcare data on discarded equipment?

Are you protecting Patient healthcare data on discarded equipment?

Given the increase in computer usage to track patient data and that we’re all now going through new cycles of computer purchases (especially with Vista coming soon) discarding older equipment is something we do often.

Discarded equipment may include entire computers or just hard disks, thumb drives, and other storage devices. One thing I’ve been discussing with my clients is their strategy for protecting information on discarded devices and it makes sense to review your own policies. Some questions to ask your team:

  1. Does your organization have a policy for destruction of sensitive data within its own environment?
  2. Does your organization’s policy extend to your partners and vendors or do they have their own policies?
  3. What tools are in use to destroy sensitive data and do they meet the requirements stipulated in your policies?
  4. If you do have policies, how are they enforced and documented so that if legal action is required you are prepared?
  5. If you’re not disposing of older equipment, where is it kept? Is it inventoried and tracked? How would you know if older equipment with sensitive data is stolen?

How to start protecting yourself:

  • Reduce the amount of information available on storage devices by using thin-client software that doesn’t maintain state anywhere except on a server.
  • Create an awareness campaign to make sure patient-sensitive information is stored only on servers and shared file systems instead of on personal PC’s and thumb drives.
  • Create risk assessments, policies, and procedures to ensure you have a plan for addressing discarded devices. Be sure to include third parties (especially oursourcers) and ask them about their data retention policies.
  • Use comprehensive data cleansing tools to erase data, not just the Windows or operating system “delete” commands. None of those basic commands will actually delete data, they only “hide” it.

If any of you have policy or procedure documents in place that you can share, leave a comment here or volunteer to do a guest post where you can discuss your successes/challenges. It would be useful for us all.

Shahid N. Shah

Shahid N. Shah

Shahid Shah is an internationally recognized enterprise software guru that specializes in digital health with an emphasis on e-health, EHR/EMR, big data, iOT, data interoperability, med device connectivity, and bioinformatics.


The Southern California Linux Expo (SCALE) has announced plans to host an Open Source Health Care summit as part of their upcoming 2007 conference, SCALE 5x. The event will be held on February 9, 2007 …

Did you find this useful?

Medigy Innovation Network

Connecting innovation decision makers to authoritative information, institutions, people and insights.

Medigy Logo

The latest News, Insights & Events

Medigy accurately delivers healthcare and technology information, news and insight from around the world.

The best products, services & solutions

Medigy surfaces the world's best crowdsourced health tech offerings with social interactions and peer reviews.


© 2023 Netspective Media LLC. All Rights Reserved.

Built on Jan 17, 2023 at 9:26am