Medical practices replacing computers and related electronic equipment at year end must carefully manage their disposal to avoid significant liability.
One common recurring seasonal business risk for doctor’s offices is created when businesses take advantage of year end deals and surplus taxable income to replace computers and other business equipment. Making sure your practice has appropriate amounts of cyber liability insurance as well as sound and enforced policies on how your old equipment is stored and disposed of is vital practice risk management.
Do you have a device security plan?
You cannot simply donate, gift, or throw away most computer equipment
Taking a tax deduction for donating safe electronic equipment after determining it does not contain confidential information is a relatively standard business practice. Items like mice, keyboards, power supplies, and monitors are common safe examples, but computers themselves and any other devices that transfer, copy, or store data create a serious liability for physicians.
Whether your devices are going to be destroyed, donated, or recycled, all data on the computer must be wiped as a minimal first step. Security software available at most office stores can help and may already be present in your operating system or anti-virus programs. Remember that “deleted” data on personal computers is not actually “erased” unless the hard drive itself is virtually destroyed.
Think beyond “computers”
While computers themselves pose the most obvious threat to legally onerous financial and HIPAA-protected information, they are not your only risk. Other devices, including scanners, printers, and fax machines, can store thousands of images and pages of data. Your practice must securely dispose of a variety of computer and related electronic devices including the following, admittedly incomplete list:
Other layers of cybersecurity: Professional IT help and all the right insurance
Organized, international crime syndicates now commonly instigate hacking, spoofing, phishing, and other online fraud and have pierced the security of even the biggest retailers and healthcare systems in the country.
Given the massive scope of the liability involved, top-notch professional IT support that includes security software and online security training for your staff should be considered mandatory for business asset protection and risk management. Some IT providers can also help securely dispose of your equipment.
Finally, consider if your business insurance coverage adequately protects you in case of accidents, mistakes, or breaches. Your practice should have seven figures in data breach/cyber liability insurance, not just a $50K or $100K rider that shares limits with your malpractice policy. Likewise, you should also have seven figures in stand-alone “directors and officers” coverage to protect yourself and your executives from executive liability that names you personally for business-related claims.
Attorney Ike Devji has practiced in the areas of asset protection, risk management, and wealth preservation law exclusively for the last 15 years. He helps protect a national client base with over $5 billion in personal assets that includes several thousand physicians and is a contributing author to multiple books for physicians and a frequent medical conference speaker and CME presenter.