• About
  • Privacy & Policy
  • Contact
Sunday, May 22, 2022
  • Login
MYTECHMAG-A Leading Technology Magazine
Investment USA 2022
Digital Transformation Conference Top Banner
Data Driven Oil & Gas 2022 Top Banner
Mastering Clean Hydrogen Top Banner
LNG Top Banner
CCUS Top Banner
OGAD Top Banner
DWS Top Banner
Energy Storage Top Banner
Payments Summit Europe Top Banner
Project Finance & Project Financial Modelling Top Banner
Cyber Defense Top Banner
Qube Events NPF Top Banner
Exhivits The Virtual Exhibition Top Banner
Renewable Energy Power Purchase Agreements Top Banner
Global Net Zero Action 2022
  • Home
  • Technology
    • Supply Chain
    • Enterprise Security
    • Cloud Technology
    • RegTech
    • HPC
    • Collaboration
    • IOT
    • Compliance
    • Artificial Intelligence
    • Field Service
    • CRM
    • Project Management
    • Fintech
    • Risk Management
    • Cyber Security
    • Enterprise Architecture
    • EAM
    • ECM
    • Block Chain
    • Data Analytics
    • Robotics
    • Disaster Recovery
    • Marketing
  • Industry
    • Retail
    • Healthcare
    • Construction
    • Pharma
    • Education
    • Textile
    • Aerospace and Defense
    • Banking
    • Smart City
    • Oil and Gas
    • Telecom
    • Travel & Hospitality
    • Agri Tech
    • Media & Entertainment
    • Logistics
    • Manufacturing
    • Legal
    • Government
    • Real Estate
    • Automotive
    • Food and Beverage
    • Biotech
    • HR
    • Insurance
    • Energy and Utilities
    • Contact Center
    • Capital Market
    • Chemical
    • Sports
  • Vendors
    • Aerospace and Defense
    • Agri Tech
    • Artificial Intelligence
    • Automotive
    • Banking
    • Capital Market
    • Collaboration
    • Construction
    • Contact Center
    • CRM
    • Cyber Security
    • Data Analytics
    • Disaster Recovery
    • EAM
    • ECM
    • Energy and Utilities
    • Enterprise Architecture
    • Enterprise Security
    • Fintech
    • Government
    • Healthcare
    • Insurance
    • IOT
    • Legal
    • Logistics
    • Manufacturing
    • Marketing
    • Oil and Gas
    • Pharma
    • Retail
    • Risk Management
    • Smart City
    • Supply Chain
    • Top CEOs
  • Magazines EditionsMost Clicked
  • News
  • Featured Articles
  • Top CEOs
  • Events
No Result
View All Result
  • Home
  • Technology
    • Supply Chain
    • Enterprise Security
    • Cloud Technology
    • RegTech
    • HPC
    • Collaboration
    • IOT
    • Compliance
    • Artificial Intelligence
    • Field Service
    • CRM
    • Project Management
    • Fintech
    • Risk Management
    • Cyber Security
    • Enterprise Architecture
    • EAM
    • ECM
    • Block Chain
    • Data Analytics
    • Robotics
    • Disaster Recovery
    • Marketing
  • Industry
    • Retail
    • Healthcare
    • Construction
    • Pharma
    • Education
    • Textile
    • Aerospace and Defense
    • Banking
    • Smart City
    • Oil and Gas
    • Telecom
    • Travel & Hospitality
    • Agri Tech
    • Media & Entertainment
    • Logistics
    • Manufacturing
    • Legal
    • Government
    • Real Estate
    • Automotive
    • Food and Beverage
    • Biotech
    • HR
    • Insurance
    • Energy and Utilities
    • Contact Center
    • Capital Market
    • Chemical
    • Sports
  • Vendors
    • Aerospace and Defense
    • Agri Tech
    • Artificial Intelligence
    • Automotive
    • Banking
    • Capital Market
    • Collaboration
    • Construction
    • Contact Center
    • CRM
    • Cyber Security
    • Data Analytics
    • Disaster Recovery
    • EAM
    • ECM
    • Energy and Utilities
    • Enterprise Architecture
    • Enterprise Security
    • Fintech
    • Government
    • Healthcare
    • Insurance
    • IOT
    • Legal
    • Logistics
    • Manufacturing
    • Marketing
    • Oil and Gas
    • Pharma
    • Retail
    • Risk Management
    • Smart City
    • Supply Chain
    • Top CEOs
  • Magazines EditionsMost Clicked
  • News
  • Featured Articles
  • Top CEOs
  • Events
MYTECHMAG-A Leading Technology Magazine
No Result
View All Result
MYTECHMAG-A Leading Technology Magazine
No Result
View All Result
Home Healthcare Executive Voice

Choosing the Right IT Asset Disposition (ITAD) Provider for Your Healthcare Organization

Alex Cummings and Arun Karottu by Alex Cummings and Arun Karottu
November 22, 2019
in Executive Voice, Healthcare
Alex-Cummings-and-Arun-Karottu

Alex Cummings & Arun Karottu, SMR Worldwide

22
SHARES
86
VIEWS

Very few industries are subject to the level of data security threats that the healthcare field must navigate on a daily basis. Here are our recommendations for finding and sourcing an ITAD company for your retired hardware.

By Arun Karottu and Alex Cummings of SMR Worldwide

Healthcare institutions compile vast amounts of personal data on patients including medical histories, social security numbers, credit card information, etc. The computers, servers and other electronic devices that hold this data are constantly at risk of cyberattacks and data leaks. The risks do not diminish even after these devices have been decommissioned and discarded. A data-bearing device could still end up in the wrong hands and compromise confidential information.

There are many laws and regulations in place to ensure responsible handling of electronic personal health information (e-PHI) by healthcare providers. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the most relevant when it comes to ensuring data security in end-of-life devices that are handled by ITAD firms. HIPAA-compliant healthcare providers are required to “ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit” and “identify and protect against reasonably anticipated, impermissible uses or disclosures” 1. HIPAA also stipulates that healthcare providers must perform risk assessments and implement required administrative, physical and technical safeguards in the handling of e-PHI. Non-compliance can be costly. Penalties can range from $100 to $50,000 per violation – the loss of a laptop containing records of 500 individuals may constitute 500 violations. Violations can also carry criminal charges that can result in jail time 2.

Here are some of our recommendations for managing e-PHI risk when it comes to your IT Asset Disposition (ITAD) partner:

The Business Associate Agreement

Healthcare organizations are required to have a current HIPAA business associate agreement (BAA) in place with each of their partners, including their ITAD partner. The BAA legally binds the ITAD partner to destroy all the e-PHI that is handled, to safeguard the data from misuse and to help the healthcare organization maintain HIPAA compliance 3. Healthcare organizations working with an ITAD partner without a BAA will be found non-compliant in an Office of Civil Rights (OCR) audit and could be punished. Healthcare organizations must also review and update their ITAD partner’s security policy. This policy should be reviewed yearly and cover all data storage devices likely to contain PHI 4.

ITAD Partner Certifications and Standards

The following certifications and standards can help pick the right ITAD partner 5:

  • e-Stewards or R2: Both R2 and e-Stewards certified electronics recyclers have demonstrated through audits and other means that they continually meet specific high environmental standards and safely manage used electronics. Once certified, continual oversight by the independent accredited certifying body holds the recycler to the particular standard 6.
  • ISO 9001: This standard addresses the fundamentals of quality management systems based on seven quality management principles.
  • ISO 14001: This family of standards is related to environmental management. It helps organizations minimize their negative impact on the environment and comply with applicable laws, regulations, and requirements.
  • ISO 27001: Requires that a company implements and maintains an Information Security Management System (ISMS) that ensures adequate security controls and processes are in place to protect sensitive information.
  • OHSAS 18001: Helps organizations monitor and improve occupational health and safety performance.
  • NIST 800-88: This standard provides guidance to assist organizations in making sanitization decisions to ensure the confidentiality of their information.

Chain-of-Custody and Certificate of Destruction

ITAD partners must maintain fully documented chain-of-custody for all data-bearing devices that they handle. This documentation needs to include custody transfers to subcontractors all the way down the supply chain until the electronic equipment has been destroyed or wiped and is no longer considered e-PHI 7. ITAD partners must also provide certificates of destruction (container device serial numbers) for each data-bearing device that the company destroys or data wipes. Both chain-of-custody and certificates of destruction must be available for review by the healthcare org at short notice.

Ideally, the ITAD partner would make this information available in real-time. Healthcare organizations should have real-time access to the aforementioned certificates of destruction, chain-of-custody, captured serial numbers, and other device information, photos of received pallets and assets, etc. Having this data available in real-time allows for complete transparency between the healthcare org and the ITAD partner. This will also allow for easier audits for the healthcare org.

Logistics

When choosing an ITAD provider for your healthcare organization, you should consider a partner that uses tamper-proof, secure containers that are made of metal and have a locking mechanism to keep those assets from being removed. Logistics is considered one of the most high-risk areas for ITAD and should be thoroughly thought out and agreed upon by the healthcare org and the ITAD partner. Logistics services to consider would include company-employed drivers, tamper-proof barcoded seals on containers and trailers, GPS tracking units on containers and trailers, and in some circumstances, security teams that travel with the transport. It is highly recommended NOT to use a logistics company that will off-load your assets at a hub and either leave them overnight or cross-dock the containers as this delays your assets being processed but also gives access to those assets to other parties at that hub.

SMR Worldwide’s mission is “Transforming yesterday’s technology into the supply chain of tomorrow” as they become the world’s most disruptive vision for last-mile IT asset management. SMR partners with the world’s leading manufacturers, highest volume IT distributors and most privacy-obsessed enterprises. Their focus is to deliver the best turnkey ITAD programs from end-to-end while protecting our client’s brand and reputation while minimizing environmental impacts. In the summer of 2019, SMR was placed on the Inc. 5000 list at #1563 in just its 5th year of operation. They are creating new solutions all the time, adding not only new service locations but new service capabilities. For more information, call (704) 873-8878, e-mail at [email protected] or visit www.smr-worldwide.com.

    • https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
    • https://www.truevault.com/resources/compliance/how-much-do-hipaa-violations-cost
    • https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html
    • https://www.ironmountain.com/resources/general-articles/s/stay-hipaa-compliant-and-mitigate-risk-with-the-right-itad-solution
    • https://www.epa.gov/smm-electronics/certified-electronics-recyclers
    • https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-july-2018-Disposal.pdf
Share2Tweet6Share9
Previous Post

Next-gen Data Products for Insurance Industry

Next Post

Cyber Security Trends to Watch in 2020

Alex Cummings and Arun Karottu

Alex Cummings and Arun Karottu

Alex Cummings creates, implements and executes the global marketing and public relations strategy for SMR Worldwide (formerly Smart Metals Recycling) headquartered in Statesville, NC with four additional locations in the United States. Alex executes SMR’s mission on their website, social media, market research, press releases, e-mail campaigns, partnerships, blogs, sales presentations, along with graphic design and content management. He spent the last 15 years in various client services and marketing roles with companies, such as World Racing Group, World of Outlaws, Roush Yates Engines and SRI Performance before finding his purpose in the ITAD and Electronics Recycling Industry. Arun Karottu is the co-founder and CTO of SMR Worldwide (formerly Smart Metals Recycling). Arun co-founded the company as a dorm-room startup while he was a student at Duke University in 2014. He leads the development of the company’s proprietary SmartERP software system. This one-of-a-kind software has helped SMR streamline its operations and provide its customers with real-time data, insights, and transparency into the electronics disposition process like never before. This technology has enabled SMR’s meteoric rise to one of the leading ITAD & electronics recycling companies in the US.

Related Posts

Concordance Healthcare Solutions
Healthcare

Concordance Healthcare Solutions – Overview & Reviews

May 2, 2022
Sunset Healthcare Solutions
Healthcare

Sunset Healthcare Solutions – Overview & Services

April 29, 2022
Avalon Healthcare Solutions
Healthcare

Avalon Healthcare Solutions – All You Need to Know

April 28, 2022
Next Post
Cyber Security Trends to Watch in 2020

Cyber Security Trends to Watch in 2020

OGAD Side Banner
Global Net Zero Action 2022
Data Driven Oil & Gas 2022 Side Banner
Energy Storage Side Banner
Investment USA 2022 Side Banner
LNG Side Banner
Payments Summit Europe Side Banner
Qube Events NPF Side Banner
Digital Transformation Conference Side Banner
Exhivits The Virtual Exhibition Side Banner
Mastering Clean Hydrogen Side Banner
CCUS Side Banner
Cyber Defense Side Banner
Project Finance & Project Financial Modelling Side Banner
DWS Side Banner
Renewable Energy Power Purchase Agreements Side Banner
Tweets by MyTechMag
Data Driven Oil & Gas 2022 Side Banner
MYTECHMAG

Transforming news into insights, not only do we serve as a source of information but as the breeding ground for innovative ideas and exchange of breathtaking strategizes that can make a difference in your technological understanding.

Follow Us

  • Home
  • About Us
  • Disclaimer
  • Privacy Policy
  • Terms of Use
  • Sitemap
  • News
  • Subscribe
  • Contact Us
  • RSS
  • Write For Us

Recent Posts

Sudhakar Ramakrishna

Sudhakar Ramakrishna Net Worth, Biography, Age, Career, Salary & More

May 19, 2022
Jason Citron

Jason Citron Net Worth, Biography, Age, Career, Salary & More

May 18, 2022
  • About
  • Privacy & Policy
  • Contact

© Copyright © 2022 MYTECHMAG. All Right Reserved.

No Result
View All Result
  • Home
  • Technology
  • Industry
  • Vendors
  • Magazines Editions
  • News
  • Featured Articles
  • Top CEOs
  • Events

© Copyright © 2022 MYTECHMAG. All Right Reserved.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In