Employee Login

siskin hospital, rehabilitation, case study, healthcare, hard drive shredding, chattanooga, tennessee, on site, disk shredding, mobile

Case Studies: Healthcare

SUMMARY

 

Siskin Hospital for Physical Rehabilitation has a stellar reputation for providing exceptional service along the full continuum of care. The not-for-profit hospital utilizes state-of-the-art technologies like the Erigo Tilt Table, LokoMat Exo-Skeletal Robotic Orthosis, and computer-simulated Armeo Robot to ensure their patients the highest level of innovative care. It is a must that the technology infrastructure be maintained and secured at all stages of the information life-cycle. This, coupled with recent physical renovations to the IT facility, presented challenges to the secure destruction and disposal of retired IT devices.

 

ISSUES TO RESOLVE

 

Information Security

Patient information is arguably the most coveted and important form of information generated, collected, and disseminated in our society today. Because of this, protecting this information at all stages of its life-cycle is more important than ever. During normal operation, and particularly during any facility renovations, the security of the devices containing private patient information could not be compromised in any way.

 

Expediency

In order to meet the deadlines for renovation as well as keep up with the pace of data generation and storage, Siskin required expedient and secure disposal and destruction of their IT devices.

 

Working with an Accredited Partner

Siskin Hospital for Physical Rehabilitation was the first rehabilitation hospital in the nation to earn accreditation from both the Joint Commission and the Commission on Accreditation of Rehabilitation Facilities (CARF) within its first ten months of operation. Accreditation is an important focus for Siskin, and as such selecting an accredited destruction partner was paramount. Resource 1’s numerous accreditations in the IT destruction, Disposal, and Recycling areas made the choice easy.

 

On-Site Processing and Device Destruction

Due to the sensitive nature of the data being handled, Siskin simply could not risk transporting the devices to an off-site location for processing and destruction. Therefore, working with a partner that provided on-site processing and destruction of all devices was key to meeting their needs.

 

ACTIONS TAKEN

 

Through an in-depth understanding of the needs and challenges Siskin faced, Resource 1 was able to custom tailor a strategy that allows Siskin to accomplish all of their goals without ever sacrificing security or chain-of-custody of their devices.

 

Information Security

Siskin had information-bearing devices stored in a secure location that was scheduled to be completely renovated, so the devices needed to be processed and destroyed in an expeditious manner. Also, there had not been a firm with the capability to process and destroy their devices on-site. By law, they were not allowed to let anything unencrypted leave the campus. Resource 1 was able to process via bar code scanning each device to capture the server, model, and serial number at their facility.

 

This information populated a spreadsheet given to the client at the end of the appointment to maintain for their records. Upon completion of equipment serialization, the data bearing devices were then shredded on-site during the same appointment, while the client witnessed everything. Once shredding had been completed, the certificate of destruction was signed and delivered to the client prior to Resource 1 departing the facility, and the residual shredded materials were responsibly recycled according to EPA guidelines.

 

Expediency

Resource 1 utilized several mechanisms to expedite the process and achieve minimal impact on employees and patients to produce minimal organizational downtime. A bar code scanner quickly and thoroughly captured server, model, and serial numbers from each device processed. State-of-the-art shredding machinery permanently destroyed all data-bearing devices in a fraction of the time of other destruction methods. Within hours Resource 1 was able to securely process and destroy years of equipment buildup for Siskin.

 

Working with an Accredited Partner

Accreditation is an important part of the Siskin culture and philosophy, and as such working with an accredited destruction and disposal partner was key. The secure destruction and disposal of IT equipment is a relatively new industry, but there are national and international organizations governing the standards and procedures of the industry. The National Association of Information Destruction (NAID) and the Information Systems Security Association (ISSA) are just some of the myriad certifications and memberships Resource 1 currently holds.

 

On-Site Processing and Device Destruction

Having every decommissioned device processed and destroyed on-site was key to meeting the goals of Siskin’s IT department. Resource 1 was able to remove, process, and destroy all decommissioned IT equipment at the downtown Siskin facility, while representatives of their IT department witnessed the entire process. An itemized and detailed certificate of destruction was then provided during the visit. This document is completely auditable, and the residual shredded material was recycled adhering to strict EPA and R2 standards of compliance.

 

RESULTS

 

Siskin was able to successfully and securely perform a complete sweep of their IT suite, allowing the renovation to remain on track. The entire suite of decommissioned devices were processed and destroyed in a matter of hours, a task that historically has taken IT professionals weeks or even months to perform.

 

All materials processed by Resource 1 were completely reused or recycled responsibly contributing nothing to landfills or toxic waste streams. Certification of responsible recycling was provided to the hospital for their records.

 

NEXT STEPS

 

Resource 1 currently has a consistent destruction schedule with Siskin Hospital for Physical Rehabilitation to help them routinely and securely dispose of decommissioned IT equipment, making it unnecessary to store devices for protracted periods of time. This decreases any risk of breach or accident.

About Resource 1

 

 

Resource 1 is a regional leader in the on-site destruction of data bearing hard drives and backup tape media. Our highly secure NAID AAA Certified destruction processes, coupled with our state-of-the-art machinery and environmentally conscious practices, make securing your organization's most important information easier than ever. We have  met or exceeded all government and legislative regulations and mandates overseeing the proper destruction and disposal of data bearing devices and decommissioned IT equipment, and ensure that everything we handle will be thoroughly and securely destroyed and never recovered.

National Institute of Standards and Technology Better Business Bureau Recycling Industry Operating Standard National Security Agency Health Insurance Portability and Accountability Act Information Systems Security Association International Association of Information Technology Asset Managers US Government Verified Vendor