Data privacy in today’s age of the Internet, online information repositories and e-government has become more complex, particularly in healthcare environments: Securing protected health information is no longer as simple as locking a file folder in a cabinet.

Patient data such as drug regiments, psychological history or diagnostic imaging including x-rays and ultrasounds is now distributed across physical buildings and computers as healthcare professionals consult with one another and collaborate via e-mail and networks; this means it’s more difficult to track where patient information is actually being stored. What is certain is that patient data is stored on computers – PCs, laptops at private practices or servers in a specific department – that will eventually be discarded or redeployed for another purpose.

Under HIPAA rules (PIPEDA in Canada), healthcare organizations must understand the flow of protected health information and must have mechanisms in place to secure access to that data. Take this a step further and it means discarded computer systems must not become a backdoor means to gain unauthorized access to confidential health information.

And while normally the primary concern of most healthcare organizations is to ensure that data is available to staff when they need it, the discarding of old computer systems is one occasion when going the extra mile to destroy confidential data is required so it does not fall into the wrong hands.

Data is a lot like DNA. It can be inherited. It can mutate. Typical computer users in the healthcare sector contain confidential material such as patient records, accounting records, x-rays, diagnostic images and much more. To a data recovery expert they are nothing more than “0s” and “1s” organized on the computer’s hard disk drive and much easier to retrieve than one might think.

Data-ridden computers can be discarded in a number of ways. Sometimes they are turned in for newer models when leases retired, or they are simply “inventoried” and placed in a storage room to gather dust. Often old computers are donated to charity, auctioned off or sold to the general public with the data still residing on the hard drives.

Whether discarded individually or en masse, it’s entirely possible that these computers still contain protected health information. Much of that data could be the software applications and trivial information, but frequently the information remaining on these computers can be extremely sensitive.

Lost, but not irretrievable

Data on computers, despite apparent loss due to natural disaster, equipment failure, human error or security breaches, is rather resilient. Data often thought irrevocably lost can be and is frequently retrieved by data recovery specialists. Likewise, data thought deleted from a system is often still resident on a discarded computer’s hard drive.

Data removal procedures go beyond the simple deletion of a file from the computer user’s desktop. There are methods and techniques that are used by individuals who come into possession of previously used systems who can reconstruct data even after the storage media has been erased.

What many users don’t realize is that when most computers delete a file, the contents of the file are not actually removed: the file, at least in the short term, is still resident on the hard drive, but it’s no longer linked to the file system. The data remains on the disk until the operating system re-uses those sectors to write new data.

In order to confirm a deleted file is really deleted, it is necessary to overwrite the data sectors of that file. Until the old data is actually overwritten by new information it can be recovered by programs that read disk sectors directly, such as forensic software, commercially available data retrieval software or data recovery techniques. As result, data thought to be deleted may remain on the drive if the sectors are not overwritten.

There are a number of ways to ensure the destruction or inaccessibility of data on hard drives: degaussing, overwriting, data encryption and media destruction are some of the methods that have been employed to safeguard against disclosure of sensitive information.

Wiping

The wiping of sensitive data from a computer’s hard drive or a removable storage device is the best method of data destruction to guarantee the data can’t be reconstructed through laboratory techniques. Wiping is essential when hardware containing sensitive data is moved from a secure facility to a non-secure facility or environment. Software-based data destruction methods are inexpensive and easy to use for the average computer user,
Software used for data purging is available on the market from a number of vendors.

Degaussing

A more severe approach to data erasure is degaussing, which often renders hard drives inoperable. Degaussing is a process whereby the magnetic media is erased. As a result, degaussing can prevent computers from being recycled for educational use, charitable donation or resale to the general public. The sensitivity of the data stored on the computer and the feasibility of software purging should be weighed before one makes the decision to degauss hard drives.

Clearing

A less extreme means of data erasure is the removal of sensitive data from storage devices in such a way that there is assurance, proportional to the sensitivity of the data, that the data may not be reconstructed using normal system capabilities. Clearing is feasible when the storage media is reused within the same computer and same office. For example, if the computer is simply being cleaned up for a new staff member taking over from a departing staff member, it is remaining in the same controlled environment.

Clearing can be accomplished by overwriting the unassigned system storage space on the disk. A single overwrite of a file or all system storage is usually enough to make sure that previous information cannot be rebuilt.

As mentioned earlier, simply deleting a file only removes the directory pointers to the file; the digital information is still on the computer until overwritten. Even reformatting, or repartitioning a hard drive is not enough to guaranteed that the files are completely gone, even if the end user can’t browse them or open them with an application.

Ultimate destruction

In extreme cases where the destruction of data must be guaranteed and the chance of retrieval must be eliminated, physical destruction of the hardware is the best course of action.
Media may generally be destroyed by using a number of methods, including an abrasive substance on magnetic disk or drum recording surface. Corrosive chemicals can have the same desired effect, but regardless, the entire recording surface must be completely removed before disposal. Destruction of drive (or the entire computer, for that matter) can also be achieved by being smelted, disintegrated or incinerated at a metal destruction facility or through incineration.
Even if the decision is made to destroy the hardware completely, it is still a good idea to purge media before submitting it for destruction.

Hold on a second!

While making sure sensitive data does not fall into the rights should be established policy, it is important to make sure that data is no longer needed; if it is, make sure it can be found on another computer or server.

Before disposing of any computer hardware, be sure to back up the data in a secure location. Just because the computer is no longer needed, doesn’t mean the data isn’t still required, and that data may not be found anywhere else in the organization. There could also be legal requirements for maintaining certain information, including medical records long after the patient has left the facility

Ultimately, however, the safeguarding of protected health information is critical and properly removing this sensitive information from computer hard drives must be incorporated within any other security and privacy policies and processes.

http://www.cbltech.com