Healthcare organizations have some of the most sensitive personal data of any industry. They also face some of the most complex regulatory requirements. As with any Canadian company that collects personal data, healthcare agencies fall under the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs how private sector organizations collect, use, and disclose personal information.
Yet, some provinces have their own healthcare privacy legislation in place, including Ontario’s Personal Health Information Protection Act, New Brunswick’s Personal Health Information Privacy and Access Act, and Newfoundland and Labrador’s Personal Health Information Act. While these regulations are substantially similar to PIPEDA, it’s important for healthcare organizations to perform their due diligence and understand which regulations apply to them.
PIPEDA and its counterparts are robust and complex in nature. For one, there’s a wealth of personal health data encompassed by the regulation, including a patient’s:
- ID numbers
- Income data
- Ethnic origin
- Blood type
- Medical records
- Opinions and evaluations
- Social statements
- Payment information
There are also several requirements in place for the retention and destruction of the data. Specifically, PIPEDA states that while there is no “one size fits all” retention period, “personal information that is no longer required to fulfil the identified purposes should be destroyed, erased, or made anonymous.” Organizations must establish and implement guidelines and processes to meet this requirement.
Moreover, as the Office of the Privacy Commissioner of Canada notes, an organization cannot simply throw away personal information. When it comes to electronic copies of patient data, the equipment storing the information can be managed in one of three ways:
- Physically destroyed (hard drive shredding, for example)
- Erased via overwriting, which is performed using advanced software
- Degaussed, or sanitized through the use of a reverse magnetic field
To determine which option is best, healthcare organizations should consider the sensitivity and the value of the data. For instance, if the data is of a highly sensitive nature and/or would be attractive to hackers, a strong disposal measure such as physical destruction may be most appropriate.
Because these data destruction methods are complex and most healthcare organizations don’t have the appropriate tools to carry them out themselves, the Office of the Privacy Commissioner of Canada suggests turning to a trusted third-party contractor specialized in data destruction—which is precisely where Quantum comes in.
We’re experienced in meeting the unique demands of healthcare organizations when it comes to safeguarding sensitive patient data and ensuring compliance with regulatory requirements pertaining to equipment destruction. We can also assist with asset redeployment to ensure you’re not allowing any sensitive data to sit idle. Here’s a closer look at how our services benefit the healthcare sector.
Support Patient Data Security
With Quantum, data security starts at the point of pickup. Whether we’re shredding your hard drives in front of your IT teams using a mobile truck or transporting assets to our facility for data destruction, you can rest assured nothing is left to chance when we’re handling devices with sensitive data.
At your facility, our background-checked employees will scan and log device serial numbers so you have hard proof of the items that were picked up. When we transport your assets, our trucks are never left unattended and GPS tracking is in effect the entire time. We have a positive, closed-loop chain of custody, and you’ll have access to a portal that allows you to track exactly where your assets go. To ensure the fullest level of compliance, we offer certificates of destruction. We’re also NAID AAA certified, which represents the highest level of data destruction certification available.
Because Quantum is both an ITAD and recycling company, any parts of your devices that are recycled will also be processed by us. Other companies that don’t manage the recycling process may ship your devices overseas, breaking the chain of custody and potentially introducing security risks.
Streamline Asset Redeployment
Asset redeployment can be challenging for healthcare organizations. Whether you own or lease your assets, redistributing devices is a common practice—but one that introduces inherent security risks. You can’t have sensitive data being transferred between facilities, so Quantum ensures your assets are wiped of any data but still usable. We’ll even reimage your devices and reinstall operating systems. With access to a virtual warehouse, you can track which assets are available for redeployment at any time.
Our services aren’t just limited to traditional IT assets such as laptops, desktops, servers, and monitors, either. We can manage a broad range of medical electronics, including imaging devices such as x-ray and scanning machines. And, as with all of our solutions, our asset redeployment services follow the same security-focused principles from the initial pickup.
Ensure Safe & Secure Equipment Destruction
The destruction of healthcare equipment is challenging because of the sensitivity of the data and the potentially hazardous elements the equipment contains. Healthcare companies are also heavily scrutinized when it comes to the reuse and resale of medical equipment. While enlisting the help of a free pickup service may seem like the simplest and most cost-effective solution, it comes with significant risks. Proper disposal of your obsolete medical equipment is a critical element of avoiding liability. Medical devices that are reused at a different organization and fail to perform properly could be traced back to the parent company. Even if that company didn’t know about or approve the equipment reuse, as the original disposing agent it remains vulnerable to lawsuits.
Quantum can handle hazardous medical equipment properly and will validate destruction for liability purposes. Whether you choose to receive weight-based certificates or serialized lists, we can satisfy your internal medical equipment destruction policies while minimizing your healthcare company’s environmental impact and supporting regulatory compliance. As a convenient, one-stop shop for all medical asset disposition, we’ll work to meet your organization’s specific needs.