What You Need to Know about HIPAA

Disposing of protected health information (PHI) isn’t as simple as tossing your hard drive in the trash and calling it a day. There are many safeguards you need to have in place to make sure your customer’s sensitive data doesn’t end up in the wrong hands. These range from training your staff on best practices to using proper disposal methods to make PHI unreadable.

The industry standard for managing IT recycling, data destruction, hard drive shredding, or computer recycling of PHI is known as the HIPAA Privacy and Security Rules. This article covers all the different safeguards and standards you’ll need to have in place to remain HIPAA compliant.

Here’s what you need to know about HIPAA:

  • Organizational Standards: Creating organizational standards is a critical first step when getting rid of protected health information on your hard drive or IT infrastructure. Organizational standards are especially important if you regularly exchange protected health information with other business associates or organizations. These standards should comply with all the latest rules and standards set by HIPAA and should explain each associate’s responsibilities and areas of accountability when handling protected health information or managing IT recycling of PHI.
  • Policies and Procedures: Creating internal policies and rules in your organization is the best way to ensure you remain compliant with the latest HIPAA Privacy and Security Rules when shredding a hard drive or recycling a computer containing PHI. Your company must maintain written records of its security policies and procedures for at least six years after their date of creation and regularly update them based on any changes that may affect the security of PHI.
  • Administrative Safeguards: HIPAA also requires that you create administrative safeguards to prevent and detect security threats that may compromise PHI during data destruction. These safeguards should outline how your workers will handle sensitive client information and deal with any risks associated with handling PHI. Creating administrative safeguards usually starts with a comprehensive risk analysis of PHI, followed by an implementation phase. During the risk analysis stage, your goal should be to identify all vulnerabilities that may affect protected health information stored on your electronic devices. You’ll then need to create and implement a detailed plan for managing data destruction, hardware and software storage, and PHI removal.
  • Physical Safeguards: Physical safeguards are policies and procedures designed to protect PHI systems, buildings and equipment from external hazards such as natural disasters and unauthorized intrusion. HIPAA requires that you implement physical safeguards within your company, and perform a complete risk analysis to evaluate all possible locations where PHI may be accessed. You may discover that PHI can be accessed in different areas of your office, or at an employee’s house. In any case, you’ll need to develop a detailed facility security plan that outlines which entities have access to PHI and what steps they need to take to protect PHI in case of emergencies.

Get Rid of Protected Health Information the Right Way

Getting rid of PHI doesn’t need to be complicated. If you would like to learn more about how to properly dispose of PHI, please contact us at any time. We would be happy to discuss ways to keep your data safe, both while you’re using protected health information, and after you’re done with it.

We’re Thankful for You (and pie)

Happy Thanksgiving to you and yours! While we prepare to spend time with friends and family (and consume way too much turkey and pie), we want to share some of what we’re thankful for this year.

  • We’re thankful for you. Each of our customers and friends helps us to stay green by keeping old IT equipment out of landfills. We’re passionate about the planet and grateful that you care as well. Thank you.
  • We’re grateful to be in a position to give back. Securis’ philanthropy includes sponsoring a child through Justice & Mercy who has been discharged from an orphanage and needs help to survive on her own. We also participate in a JDRF Walk to Cure Diabetes each year, and are in our 12th year of partnering with a local high school that provides special education children with an opportunity to get real hands-on work experience. It feels so good to give back and to feel like we’re making a difference.
  • We’re thankful for pie, and for 16 recipes for the very best Thanksgiving pies. We’re already having dreams of stuffing ourselves full of the butterscotch pecan pie. We’re not, however, as sure about the idea of rounding out our meals with a sweet potato bacon pie, but maybe it tastes better than it sounds.

Happy Thanksgiving, everybody! We appreciate each of you on Thanksgiving and all year long.

What’s On Your Wrist Might Be A Security Risk

In this day and age, people and businesses alike have more security concerns to worry about than ever before. We all carry around devices that contain sensitive information, and hackers are always looking for new ways to get into our computer systems. While we rightfully take precautions to protect our computers, smartphones, and networks, we sometimes overlook simpler devices.

We live in a time where every new device is given Internet capabilities. Thermostats, coffee makers, televisions, and watches all can connect to our networks now, and this poses a new security risk. If you’re one of the millions of people who currently wears an Internet-connected device on their wrist, you may want to think about the possible security risks.

How Wearables Compromise Security

There are two main ways that wearables – particularly fitness trackers and smartwatches – present a security risk. For starters, they store a lot of personal information. Even basic fitness trackers know your birthday, age, and weight, along with the number of steps you take in a day, your average heart rate, and, in some cases, your location. These devices typically come with less protection, making all of this personal information more accessible to hackers.

On top of this, wearables provide a gateway into any devices or networks they’re connected to. A sophisticated hacker could upload malware to your wearable device, which then transports it back to your smartphone or computer. While the likelihood of this sort of attack happening is low, that doesn’t mean that it should be ignored.

Three Precautions To Take With Your Wearables

If you want to make sure that your information remains safe – particularly if these devices are connected to business-related networks or devices – there are a few things you can do. First, if the devices are a part of a company-wide program, you should set up a separate network for them. This will isolate all devices to one network, and prevent them from having access to sensitive company equipment or information.

Next, whether you’re a business or an individual, you’ll want to know what sort of personal information your device has. For instance, if you’re uncomfortable with storing your location on your device, you might want to turn off the GPS feature. Or, don’t store your full name along with your birthday.

Companies need to know what sort of information they’re collecting from these devices. There are regulations in place regarding the collection of information, and companies and agencies want to make sure they’re in compliance.

Finally, if a device breaks, or you decide you no longer wish to use one, it’s important that all information is wiped from the device. Data destruction is an important aspect for all electronic devices, and your wearable is no different. You’ll want to ensure that all information is being properly erased from the device, rather than simply throwing it out. To do this, talk to an IT recycling or hard drive shredding company to ensure the process is completed correctly. Just because a device no longer works doesn’t mean there isn’t personal information still stored on it.

Don’t Overlook The Devices You Wear

We have grown so accustomed to everything being connected to the Internet these days that we often forget there are security risks involved. Don’t let yourself grow complacent, and treat any wearables you might have the same way you treat your smartphone or laptop. Wearables might not be the biggest security threat around, but if the time comes when someone does try to hack into yours, you’ll be happy you took precautions.

To learn more about how to properly erase data from your wearable devices, please contact us at any time. We would be happy to discuss ways to keep your information safe, both while you’re using the device, and after you’re done with it.