logo

Thursday, October 15, 2015

Care to Guess Where The Highest Risk PHI is in Your Hospital?

It’s not in an obvious place where you might think.


In fact, during our 10 years of helping leading hospitals increase the return on investment on their medical equipment lifecycle, Miga has learned that the most common at-risk Personal Health Information (PHI) is in an area you’d least expect…your medical equipment. How carefully does your hospital inspect and scrub unused, traded-in or otherwise disposed-of equipment of PHI information?

Here are a few best practice checklist items you may wish to discuss with your staff when implementing a PHI risk mitigation strategy around medical equipment:

1.      Inspect Your Equipment Before It Leaves the Building – How strong are your internal procedures to ensure that PHI is removed?  Your hospital is required to make sure that no equipment for trade or sale leaves your facility with PHI on it.  Create a simple check box on an asset form or other document that ensures a department staff member or clinical engineer checks equipment for PHI before it leaves the facility.

2.      Have Your OEM’s Perform a Final PM and Data Scrub – The best way to ensure PHI is removed is to make sure it is completed according to manufacturer specifications. If your equipment is still under a service contract, OEM’s will be able to do a final PM or service call that includes PHI removal.

3.      Build in Purchase Language That Requires New Hard Drives at End of Life – In some cases, PHI cannot be properly removed unless the hard drive is removed. As you might expect, if the hard drive is removed, the system value could drop significantly. Before you purchase a new piece of equipment, ask your OEM rep if they can add a provision that mandates them to install a new hard drive and software at the time of replacement. Not only will it protect PHI, but it will also save your hospital a lot of money in lost recovery value.

No comments: