Guest Column | March 2, 2020

ITAD: Why This Facet Of The IT Life Cycle May Be The Key To Securing Healthcare Data And Empowering Innovation

By James Patrignelli, Liquid Technology


Not long ago, Microsoft disrupted end users and businesses alike by announcing that Windows 7 was entering its end of life phase on January 14, 2020. As an operating system that stands as an institution due to its enduring and widespread popularity — while out of date, the program still runs on more than a quarter of the world’s desktops — Windows 7 has thrown many into a long-due upgrade process. For healthcare, however, this change may come as a particular blow.

The HIPAA Journal reports that the healthcare industry represents the largest percentage of Windows 7 devices out of any industry. In fact, healthcare as a whole often has a reputation for remaining a bit behind the pack when it comes to technology penetration and the implementation of new digital strategies. With so much private and sensitive data being stored within traditional systems, it’s not hard to see why many institutions may be hesitant. Not to mention, questions around technology monetization, project financing, data overwhelm and beyond often keep healthcare sticking to tried and true methods.

However, when it comes to cases of IT renewal and innovation such as the one caused by Windows 7, the risks of remaining in the old world of technology far outweigh the risks of change.

A Case For Change

With no more patches or updates being made available for Windows 7 (save for one), the security measures in place will no longer grow in strength as cyber-attacks grow in prevalence and severity, meaning that healthcare will put itself at risk if it fails to switch. Furthermore, this kind of risk isn’t limited to Windows 7 — it’s a common theme across any outdated system. Vulnerabilities in security systems are amplified as time goes on, meaning that private patient data becomes more susceptible to leakage and hacking.

Regulations for sensitive data across all verticals are tightening due to the increasing threat of data leaks, and the global average cost of a breach rose to $429 per record compromised in 2019. This means that healthcare institutions must remain up to date if they want to safeguard public trust and protect their bottom lines. Since data breaches prove to be no small incident (reports note that upwards of 40 million patients in the U.S. were affected by health data breaches in 2019), this is one of the most compelling reasons to make updating IT a priority.

The HIPAA Journal also states that the continued use of unsupported operating systems is a violation of HIPAA. If healthcare institutions’ data is exploited and exposed due to an outdated system weakness, they face a regulatory fine. Even institutions wishing to avoid fines will be targets of unforeseen costs if they wish to remain compliant: extended security updates to enterprise Windows 7 users do come at an annual per device fee, which starts at $25 per device in 2020 and goes up every year until January 2023.

Beyond the threat of fines, lawsuits, penalties or damaged customer confidence, there exists a host of positive reasons why healthcare should be looking to update their IT. These include everything from greater efficiency and increased value for patients to the first-mover advantages and vital competitive benefits that come with implementing cutting-edge capabilities.

Examining The IT Renewal Process

The IT turnover processes that come with the integration of new operating systems or new equipment are often seen as a time of vulnerability when data security is at its weakest. It’s true that when getting rid of old or unusable equipment and systems, the risk to data does increase in some cases. This is why technology replacements and the increasing speed and frequency at which they’re needed is underscoring the focus on one critical — and often overlooked — facet of the equipment life cycle: IT Asset Disposition (ITAD). By understanding the need for ITAD and ensuring it’s among the top IT business considerations, the risks of equipment replacements and upgrades can be mitigated or even totally averted while the benefits of innovation are made more accessible.

As one of the most important components of maintaining thorough, end-to-end security and compliance, IT Asset Disposition encompasses the many processes and considerations that surround the disposal of unwanted or obsolete technology. ITAD holds the potential to empower healthcare by allowing institutions to replace their outdated equipment in the safest, most ethical and compliant manner while recouping as much value as possible from their lingering equipment. As such, ITAD is likely to be one of healthcare’s biggest risk aversion and compliance considerations going forward, as well as a pivotal ally in empowering digital transformation.

If not handled properly, however, asset disposition can be the weak link in a data security strategy, allowing for damaging issues and consequences to emerge down the line. If assets are decommissioned improperly or left to in-house teams that lack the proper expertise, equipment and the remaining data it holds can be subjected to non-compliant or less-than-thorough solutions.

The Secret To Success And Security

Creating successful equipment turnover and decommissioning can be as simple as choosing the right partner and creating a thorough action plan. A capable, thorough and compliant disposition specialist should be certified, strictly following NIST (National Institute of Standards and Technology) SP 800-88 standards for data erasure and destruction. They should also provide a certificate as proof of suitable destruction. Additionally, due to the damaging environmental consequences that can stem from improperly managed assets, finding a specialist that is e-Stewards, R2, and NAID-certified make it certain that all processes are eco-friendly, ethical, and socially responsible.

An ITAD specialist that meets the unique needs of healthcare institutions should also cater to the demand for cost efficacy by recouping as much residual value from the lingering assets as possible. To do this, a specialist is needed in order to effectively recycle and resell according to an array of variables such as value windows and manufacturer’s suggested retail prices (MSRP).

Preparing For What’s Ahead

No matter how healthcare changes in the years to come, the importance of data safety will always remain. This is why a comprehensive ITAD process and a trusted partner with the necessary insight and resources is critical for institutions to get where they need to be in an era of rapid IT transformation and data vulnerability.

ITAD is not a set-and-forget process, and ongoing maintenance is vital for continued safety and security but establishing that foundation of due diligence as soon as possible is the secret to starting any IT renewal off on the right foot and staying ahead of change.

About The Author

James Patrignelli: works with executives to develop and implement end of life IT asset management programs for Fortune 500 companies with a focus on data security and maximizing the return of IT hardware. He has worked in the IT Asset Disposition (ITAD) field since 2005 and has advised CIOs, CTOs, and data center managers across the globe about best practices for end of life IT asset management.