In this interview, Peter Krause, Head of Healthcare Sector Sales Germany at CHG-MERIDIAN, talks about data protection in the healthcare sector and the requirements for data erasure, which many people are unaware of, especially in the case of printers and similar equipment.
Peter Krause is an established international expert in the healthcare and healthcare technology sector with over 15 years’ experience in managing asset and trade financing. As the Head of Healthcare Sector Sales in Germany, Krause is responsible for the development and delivery of customer-specific usage models for healthcare technology investments at CHG-MERIDIAN.
We have seen from our own experience that this is a problem for customers – the topic is complex and has created uncertainty, especially with regard to individual areas. Many companies in the healthcare sector have stepped up the protection of their IT systems against external attacks, but when it comes to end-of-life processes for their IT assets, there is much need for improvement. What happens to the data stored in the devices that are being replaced? Output devices such as printers, copiers, and multifunction printers store personal data, and the erasure of all data storage media in these devices is also subject to the strict regulations. That is why we offer certified, non-captive, and GDPR-compliant data erasure for SSD, hybrid, and flash storage media. Our eraSURE® method answers some of the demands of the new regulation and meets the need for a certified data erasure process for output devices, laptops, tablets, smartphones, and other assets.
First, we look at the level of protection required for the individual customer’s data. Is the data to be erased of a general or an internal nature? Do the storage media contain highly sensitive data that should remain confidential? What if the data is top secret? We work with the customer to select the erasure concept that best meets their protection needs. We then provide a seamless process, from the collection of the old assets to the erasure of the data at CHG-MERIDIAN’s technology and service center. Customers requiring a very high level of protection can select our eraSURE®+ product, which includes rollback using sealed transport with GPS tracking and erasure in a secure area with biometrically controlled access.
It always becomes difficult whenever tight budgets and a shortage of staff coincide. And this is quite often the case in German hospitals. A survey conducted in 2017 by auditing firm Curacon concluded that a) almost 70 percent of internally appointed data protection officers had not been officially released from other duties and had overlapping roles; b) four-fifths of hospitals use the traditional ‘user name and password’ method of restricting access to personal data; c) passwords are rarely changed at regular intervals. As a consequence, there is an increased risk in this area due to the overlapping roles and lack of expertise and training of data protection officers. There is no reason why compliance with GDPR should come with such risks and have a negative impact on a company’s workforce. It is exactly here that the burden on internal resources can be reduced, freeing up employees to concentrate on their core business. Over the long term, this can increase efficiency and lower costs.
We take a holistic approach to optimizing our customers’ IT and healthcare technology that combines technical, administrative, and process-related expertise. Sticking with the example of the printer – once it has been decommissioned, it needs to undergo certified data erasure and the new asset must be seamlessly integrated into the existing infrastructure. The new printer has to meet the hospital’s security requirements and its efficiency has to be monitored. The optimization of internal processes plays an important role when it comes to commissioning. User identification measures, for example, can help to facilitate access control. The old printer is collected by us and its storage media undergo certified erasure at our technology center. If the asset is remarketed, it can even provide a financial return.
Our holistic customized business concepts allow us to analyze and optimize the product lifecycle of every asset. Now that healthcare technology and IT are converging more and more, our approach offers considerable advantages when it comes to establishing an efficient, networked technology infrastructure that is fit for the future. Tailor-made solutions enabling the development of customized business concepts are key to successful technology investment. Erlangen University Hospital is a current example of how well this approach works. The hospital had requested a proposal for an output solution. We successfully presented the customer with a fully integrated solution that met their specific requirements, and are currently integrating it into the customer-specific work processes. Our solution provides transparency of all costs and consumption-based data, enabling the hospital to use its output devices more efficiently.
We were very pleased with CHG-MERIDIAN’s end-to-end solution for our output systems, and we are now working together to optimize the hospital’s IT infrastructure. We also value the fact that we can entrust CHG-MERIDIAN with our data erasure processes. After all, GDPR not only requires every company to have a sophisticated data protection plan, it also demands the same for data erasure.