GREENSBURG, PA — According to the HHS, the federal entity responsible for HIPAA enforcement, over seventeen thousand HIPAA complaints were filed in 2014—an increase of over 27% from 2013—and resulting fines levied against companies exceeded $1 million in some cases. Surprisingly, less than 10% of HIPAA breaches are the result of hacking. Rather, theft and unauthorized access by employees are the most common problems, and unencrypted laptops, cell phones, and other portable devices lead to breaches most often.Commonwealth Computer Recycling has teamed up with experts to help local IT professionals, CEOs, and CIOs of healthcare organizations better understand data breach risks and mitigate unauthorized access to end-of-life equipment. CyberCrunch’s seminar will take place on Friday, May 6 at its corporate headquarters in Greensburg, Pennsylvania, and the event is open to all healthcare professionals. The seminar will include a facility tour of the company’s DEP-permitted and R2/RIOS-certified eWaste recycling facility.
With the lifecycles of electronics decreasing and more people using personal devices at work, data breaches from improper disposal are inevitable. “We see it all the time,” says Serdar Bankaci, president and founder of CyberCrunch. “Companies claim to have destroyed their units’ hard drives, but in many cases we still find those drives, as well as CDs or DVDs containing x-ray and MRI images and small SD cards. Luckily, the material that comes through our facility is checked and double-checked for any data, as these sorts of oversights might otherwise result in severe consequences for healthcare providers.”
Attorney Beth Anne Jackson, whose practice focuses exclusively on assisting healthcare practitioners and facilities with operational, corporate, and regulatory issues (including HIPAA), contends that this is a legal compliance issue. She states, “Upper-level management, and not just the HIPAA Security Officer, is ultimately responsible for establishing and enforcing procedures to safeguard data at all stages, including PHI stored in end-of-life equipment. A business associate agreement is just the beginning.”
CyberCrunch’s HIPAA seminar will cover how to comply with eWaste laws, effectively destroy data, and recoup costs through the sale of used equipment.
Founded in 2010, CyberCrunch provides nationwide data destruction, data wiping, IT asset disposition (ITAD), and secure recycling services. In addition to its R2 and RIOS certifications, Commonwealth Computer Recycling is permitted by the Pennsylvania Department of Environmental Protection and is a member of the National Association for Information Destruction (NAID) and the Institute of Scrap Recycling Industries (ISRI).