Interoperability, Integrated Healthcare Enterprise: everyone is talking about how to make one equipment system or application talk to the other and understand the same meaning. The big picture is to work on standards - a neutral and disinterested interpreter of languages and codes. The result will be a bureaucratic liaison that just wants to receive the information, convert the data into a series of messages, then pass it on. This will likely increase your local risk of releasing sensitive data… as if the risks aren’t high enough already:
Leadership bonuses
Confidential board communications and documents passed between board members
Personal and corporate bank accounts
Strategic plans
Personnel actions
Social security numbers
Diagnoses
Marriage licenses
Birth certificates
The standard will treat all of the above categorical information the same so that as many devices as need the information can receive it, know what to do with it, and/or respond to it.
Other than desktops, laptops, mobile phones, and servers, healthcare has to deal with these devices that contain staff information, corporate, and patient data:
C-Arms
Mobile X-Ray
CT
MRI
Angiography systems
Catheterization systems
Mammography Units
Chemical Analyzers
Blood Gas Analyzers
Treatment Planning Systems
Lab Equipment
Bedside monitors
Transport monitors
Central stations
Mobile tablets
Handheld computers
Contrast injector
and there is more to come.
Interoperability means even the handy and ever-present screening-type vital signs monitor could end up with patient data. There are projects to do exactly that, so don’t laugh. Lean and Six Sigma penetration into workflow, patient behaviors, and missed revenue opportunities means getting efficiencies through data collection of staff actions, patient actions, information exchanges, and treatment. This is what DMAIC is all about.
But that’s not all. Let’s talk about ownership in regard to interoperability and data. Healthcare equipment can be:
Owned by the organization
Reside locally, but owned by state or local governments
Short-term rental (owned by supplier)
Long-term leased (UCC filings or owned by bank or leasing company)
Earned purchase credit (owned by the supplier)
Consignment (owned by the supplier)
Non-capital based on volume (owned by the supplier)
Cost-per-test (owned by the vendor and the bank)
Purchased service (owned by the vendor)
And… there is lost equipment, equipment in storage, and equipment that is in limbo – no one uses it or plans to use it. All of these can contain data and may go back to the vendor, be returned for maintenance, go to the bank at end of term, or be sold to a remarketer with hard drives still intact and with data.
Where is the final resting place of this data? Found by another facility? In the hands of a criminal, desperate, or just careless person…?
Am I creating a scare? Well, yes. But there is a chasm of difference between crying wolf and pulling someone out of the path of a speeding tour bus. The issue of letting sensitive data out of your organization has the potential impact of speeding buses. How many buses equal 10 trillion bytes (only 5 computer servers)? Well, that depends on the damage. Chances are you need help to avoid stepping into the path of a speeding bus in the first place. You also need the redundancy of a company to pull you back just in case.
Corporate policies can require removing hard drives and destroying them. Others erase the data with an intense magnetic field. Evidently, there are gaps in some companies’ compliance with policy.
I discussed these issues with a leasing company, a remarketer, and an asset disposal company. These businesses receive equipment from healthcare treatment centers and other industries. Each finds it absolutely necessary to add a layer of service that protects them and adds needed redundancy for their customers.
Leasing:
I spoke with Chris Wuest, Senior Vice President of Asset Management at First American Equipment Finance (FAEF). Our specific conversation was around the process to help customers keep information from reaching them in the first place. If it did, what was their process to mitigate the risk of stored data getting beyond them?
One of the most useful preventative tools is the Customer Care application FAEF offers. The application gives the customer access to lease term expiration dates and more. Chris stated that getting an early start before the expiration date allows clients to plan accordingly. FAEF sends a checklist that instructs clients on properly preparing equipment for return.
Once equipment arrives at FAEF, Chris manages the process. “The 1st thing that occurs is an inventory.” Anything mistakenly sent is “quarantined.” “We ask of its disposition.” Most often the customer asks for the equipment to be returned. There is an assessment of whether sensitive information is stored in all devices. FAEF generates a report of findings and sends it back to the customer. The report can help close the client’s gap in compliance.
Next, FAEF brings in a specialist to perform Department of Defense and R2 Certified data destruction and complies with e-waste requirements as well.
Remarketers share these concerns about their warehouses receiving stored data. Philip Jacobus, President of DOTmed, states, “Our job is to deliver leads for equipment for sale. … (while) the eventual buyer has a vested interest in assuring that the unit is properly de-installed and transported, it is the seller or current user of the equipment, who normally removes confidential information.”
The takeaway for hospitals:
1) Ask your leasing companies about their respective processes. Please feel free to leave an anonymous note on the blog of what you find. No need to refer to the company. Start with the header, “Publish” or “Do not Publish.” The first thing you may find is a new outlook on how many leasing companies you may need to survey for this particular risk.
2) Interoperability may make the situation worse. Consider finding help to manage trade-ins, resale, asset recovery programs, leased equipment returns or even assist with all the ownership issues of various equipment. One such company is LifeSpan, http://www.lifespantechnology.com/about-us. They “provide hardware recycling and disposal, data destruction, hardware resale, and a full range of IT asset disposition services to corporations, OEMs, hospitals, and municipalities nationwide.” More on them in the next blog.
Need help? Send an email to alfordhardy@gmail.com