Do No Harm When Disposing Old Computer Equipment
During the spring of 2006, residents of Rice Lake, Minnesota noticed computer equipment bobbing up to the surface of their precious lake. When authorities were called in, they dredged out an old fishing boat sunk under the weight of unwanted computer equipment. In all, 64 computer units were pulled from the submerged boat. Each contained metals and hazardous pollutants such as lead, cadmium and mercury.
“It would take a long time for these materials to leach out of where they are, but left there long enough, that would happen,’’ said Jeff Connell, manager of compliance and enforcement for the Minnesota Pollution Control Agency. He said the heavy metals eventually would have found their way into the food chain.
The equipment came from Hamline University and was sent to a local recycler who apparently thought they would work better as boat anchors.
Mountains of E-Waste
Our appetite for technology is insatiable. Over 300 million computers and one billion cell phones are produced every year. All of these electronics eventually become obsolete or unwanted, often within 2 to 3 years of purchase. In the U.S., we scrap about 400 million units per year of consumer electronics. This global mountain of waste is expected to continue growing 8% per year, indefinitely.
The EPA estimates that in 2007, the U.S. generated over 3 million tons of e-waste. But only 13.6% of that was collected for recycling. The other 86.4% went to landfills and incinerators, despite the fact that hazardous chemicals in them can leach out of landfills into groundwater and streams, or that burning the plastics in electronics can emit dioxin.
Older monitors and televisions made with glass tubes contain between 4 and 15 pounds of lead. Most of the newer LCD monitors and TV’s avoid the need for lead. Unfortunately, they feature fluorescent lamps as a light source, and these lamps contain mercury, which is more hazardous than lead. About 40% of the heavy metals in landfills, including lead, mercury and cadmium, now come from electronic equipment discards.
Toxics in technology are released during the production, use and disposal of electronic products, with the greatest impact at end-of-life. Harmful chemicals released from incinerators and leached from landfills contaminate air and groundwater.
If handled improperly, the burning of plastics at the waste stage releases dioxins and furans, known developmental and reproductive toxins which persist in the environment and concentrate up the food-chain.
An estimated 70-80% of the e-waste that is given to recyclers is actually exported to less developed countries.
You have probably seen the stories in National Geographic, Frontline or 60 Minutes. They document the trail of electronics as it heads to China, India and Africa in what seems to be unfathomable quantities.
In 2001, and again in 2008, the Basel Action Network (BAN) led several groups in an investigation of e-waste processing in China, India, and Pakistan. The investigation uncovered an entire area known as Guiyu in Guangdong Province, just 4 hours drive northeast of Hong Kong, where about 100,000 poor migrant workers are employed breaking apart and processing obsolete computers imported primarily from North America.
The workers were found to be using 19th century technologies to clean up the wastes from the 21st century. They burned off the PVC wire coating to get to copper wire and used acid baths to de-plate gold from circuit boards. The tailings were then dumped in the local river, and now drinking water must be carted in from outside the region because the river is so polluted.
The health impacts of this recycling activity were evaluated in 2007 by Shantou University Medical College, an hour and a half’s drive from Guiyu. Researchers collected blood samples from 165 children in Guiyu. They found eighty two percent of the Guiyu children had blood lead levels of more than 100.
Anything above that figure is considered unsafe by international health experts. The average reading for the group was 149. The lead readings for this group were found to be higher than any other group ever studied.
Africa has become the new dumping ground of e-waste. In Lagos, Nigeria, the electronics market is full of some good quality used computer equipment, but plenty of obsolete and broken electronics that cannot be put back into use. With a pervasive informal sector involved in the repair and recycling of electronic scrap, similar health concerns for the general public have been raised by local officials.
Currently, the United States exports enough e-waste each year to fill 5,126 shipping containers. If you stacked them up, they would reach 8 miles high – higher than Mount Everest, or commercial flights.
Security Concerns From Computer Disposal
Computers, laptops, iPads, printers, copiers, cell phones, smart phones, flash drives, and compact discs all have one thing in common – they can store data. Healthcare organizations are required to protect personal health information (PHI) of their patients. That means any technology device that can store data must have that medium sanitized when no longer needed in order to protect patient confidentiality and to comply with HIPAA.
Under HIPAA, organizations must report any incidents involving a possible breach of data. These breaches cost real money – about $125 per affected individual just to notify them of the breach and to pay for a year’s worth of credit monitoring services. The US Department of Health and Human Services now tracks HIPAA data breaches on their web site.
In the last 12 months, over 112 data breach incidents were reported by healthcare facilities, and over 6 million people were affected by these breaches. This resulted in more than $800 million spent by healthcare organizations in the US to deal with HIPAA data breaches on computers, and this does not account for potential liability claims if anyone was injured by identify theft resulting from a breach. Most incidents were the result of lost or stolen computers.
In order to comply with HIPAA and mitigate the risk associated with the unwanted release of PHI, healthcare facilities need to have a comprehensive security program in place. HIPAA Covered Entities must have a designated Security/HIPAA Compliance Officer.
The organization is required to implement a security policy and provide effective training to employees. The information technology infrastructure must install appropriate safeguards to protect against data breaches. This includes integrating effective controls over the IT network, communications, and data in storage. Finally, there must be a way to track assets until PHI is destroyed on those assets.
Finding a Way to Do No Harm In IT Disposal
Electronics recycling can be done right. It just takes a little digging and due diligence. The first thing healthcare organizations should do is to find out where there old computers go now. It is not enough that it goes to a so-called recycler. Find out how they process the equipment and where they send the materials for final recovery.
The next step is to evaluate the healthcare organization’s existing IT asset disposition strategy. Each organization needs to develop its own standards for environmental responsibility, data security, and service in order to comply with regulations and achieve the mission and business goals of the institution.
It is helpful to include a broad cross-section of stakeholders in this discussion, including representatives from compliance, finance, information technology, facilities, and any sustainability committee. Together, they can help define the requirements of any disposal strategy.
When developing internal standards, organizations can consider applying programs adapted by others. The National Institute of Standards and Technology released Special Publication 800-88, “Guidelines for Media Sanitization,” which lays out a comprehensive strategy and set of requirements for data sanitization and destruction on a wide range of IT devices.
As far as environmental standards, the e-Stewards Standard for Responsible Recycling has emerged as the most rigorous approach to protecting not only the environment, but worker health and safety. It requires recyclers to become certified through independent audits of their facilities and processes.
The standard is endorsed by environmental organizations such as the Natural Resources Defense Council, Sierra Club, and Greenpeace. Some healthcare organizations, such as Premier and Nemours, have publicly committed to only using certified e-Stewards recyclers for handling their e-waste.
In the interest of “do no harm,” healthcare organizations need to be aware of the rampant problems with e-waste disposal in the world. They may believe their equipment is recycled properly, but it may just be exported unprocessed, and with personal health information still intact.
By reviewing current disposal processes and requiring the organization and its vendor meet specific health, safety and security requirements, healthcare institutions can ensure their unwanted IT hardware does not surface in a lake or in some other embarrassing and unsafe environment.
About the Author
Neil Peters-Michaud currently serves as a Governor appointed member of the Wisconsin Council on Recycling and is as a Board Member of the Weinert Applied Ventures and Entrepreneurship program at the University of Wisconsin. He has worked as a technical consultant to the International Business Leaders Forum on a project funded by the World Bank to establish a safe and sustainable electronics refurbishing and demanufacturing facility in Ethiopia.
Neil is also a founder and owner of Cascade Asset Management, a Wisconsin based information technology equipment retirement solutions provider. Neil started the company with his partner in April, 1999. Cascade now has over 70 employees and has processed over 60 million pounds of electronic equipment from companies across North America. The company now operates out of two processing facilities totaling over 65,000 square feet; in Wisconsin and Indiana.