Could Hospitals Do More with Confidential Data Shredding?
Although confidential data shredding may well seem like one of those chores that you keep putting off in favour of other seemingly more important business tasks, it’s vital that this is carried out and done properly to safeguard any sensitive information.
This is going to be particularly important come next month (May) when the new General Data Protection Regulation (GDPR) processes and procedures are initiated… and it’s possible that there are some businesses and organisations out there that are still not ready for the changes.
A new study from the University of Toronto and St Michael’s Hospital, published in the online journal JAMA, has found that thousands of documents with personal health information and other data were put in recycling bins instead of being shredded. The most common type of personal information found was financial data, with the majority of the documents taken from physicians’ offices.
Of the 2,687 documents which the researchers collected that did have personally identifiable information (out of 591.6kg of recycling), 802 were of low sensitivity, 843 of medium and 1,042 of high sensitivity.
Lead author of the study Dr Nancy Baxter – chief of the general surgery department at St Michaels – commented on the findings, saying that since human error is a big cause of privacy breaches in institutions like hospitals, such organisations should find ways to reduce the number of paper documents they create as well as being more vigilant when it comes to shredding.
“Patients have a right to expected safekeeping of personal information. In many jurisdictions, including the province of Ontario, protection of personal health information is codified in legislation,” she went on to observe.
In the UK, with GDPR on the horizon, it’s never been more essential for your company to ensure best practice when it comes to the destruction of potentially sensitive documents.
Back in 2016, the Information Commissioner’s Office found that the health sector had a 22 per cent rise in reported health incidents in the third quarter of the year, with the three main breach types found to be data posted or faxed to the wrong person, data sent by email to the incorrect person, and loss or theft of paperwork.
Shredding is an effective way of securing sensitive information to prevent third parties gaining access to it – and it’s one of the best ways to ensure your company meets GDPR requirements. Under the new regulations, if a data breach results in someone’s information being stolen you will find yourself liable.
Appropriate document destruction is therefore necessary since any documents not shredded can be found and read by anyone. You may well have information which needs to be destroyed and your standard office shredder simply isn’t up to the task – so get in touch with us here at Avena, if you feel you need help with Secure & Cost-Effective document destruction.