business

Going beyond delete: How to really erase information

Updating computer systems can be challenging enough, but then you have to get rid of the old one. And more important, get rid of the data it stores.

By Tyler Chin — Posted Sept. 12, 2005

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

When you replace computer systems, it's likely you will have to throw out your existing computer equipment. But before you can dispose of that hardware, you need to take three steps:

  • Converting or transferring files from the old to the new system, although that data conversion generally will be handled by your vendor if you're switching physician practice management or electronic medical records systems.
  • Deleting personal information and patient records stored in the old computer.
  • Figuring out how to dispose of that PC.

Of the three things on that to-do list, removing patient data from the computer's hard disk should be your top priority, because if you don't, you will be exposed to several risks if those data fall into the wrong hands.

First, you could be fined or even imprisoned for violating the federal privacy and security rules of the Health Insurance Portability and Accountability Act. Second, patients could sue you for breach of privacy or another tort under state law. Third, patients also could sue you if criminals use the data to steal your patients' identities. Fourth, you could find yourself the lead story in your local newspaper or television station.

"In some ways [public embarrassment] will be the worst penalty," said Robert Gellman, a privacy and information policy consultant in Washington, D.C. "These kinds of stories are very attractive to newspapers."

There are three ways to get rid of data from a PC, and deleting files and reformatting a computer's hard disk or drive aren't among them, experts say. When you delete files or reformat the hard disk, the data simply are hidden and can easily be retrieved by computer experts, said Tom Grove, a HIPAA and information technology consultant in Manassas, Va.

One way to ensure that data are permanently erased is to physically destroy the hard disk by removing it from the box and drilling a hole right through the center of the disk, Grove said.

Another involves using free and commercial software programs that overwrite the hard disk with random zeros and ones, Grove said. Such software is available for $30 to $50. The software follows the data security standard of the U.S. Defense Dept., which calls for three "passes" or overwrites, he said. Overwriting "is not something you do in just five minutes. It's an overnight job -- the kind of thing you set up at night and it's done when you come back to the office the next morning," he added.

Physicians also can erase data from old computers by running a powerful magnet over the hard disk, either by outsourcing the job to a third party or doing it themselves. This method, which is known as "degaussing" and renders the disk unusable, usually costs "approximately $10 per hard drive plus shipping if applicable," said Richard Angeloni, a spokesman for Brown & Toland Medical Group, a San Francisco-based independent practice association.

Although experts say that either degaussing or data erasure software will permanently wipe or "sanitize" a hard disk, the IPA uses both methods on every PC or laptop it disposes of just to be sure. "We prefer extreme measures only because ... potentially at some point in time an individual will come along and be able to defeat [a single measure as advances in technology are made]," said Tom Macmillan, the IPA's director of information technology.

But before you erase data and toss a PC away, you should make sure you save or transfer files from the old computer system to a new one. You can do that by transferring old files on a CD-ROM, network or server, Grove said. "You obviously don't want to throw away your only copy of important data."

If you're switching to a computer running Windows XP, you should be able to read Windows 95 or Windows 2000 documents on the new PC, experts say. But problems can occur if you're still running an application based on DOS -- Microsoft's original operating system -- on the old PC. In that case, you might or might not be able to install that application on a new Windows XP computer, said Troy Johnson, manager of information technologies at MedAllies, a Wappinger, N.Y.-based company that provides information technology and services to physician offices. "It would have to be on a case-by-case basis," he added.

Although there's a good chance you might not be able to install a DOS program from Microsoft, you should be able to read DOS files on the new PC if they are simple text files, Johnson said.

But files created using software from other third-party vendors might have their own proprietary format. You may want to check with your vendor to see if they have a new version that runs under Windows XP and a conversion tool to convert the old version files.

If they don't, or the DOS applications won't run on the new PC, you might have to keep the old computer if you want to continue using the DOS application.

"Most of my hospital clients have at least one machine that's running DOS because they have some software program that they haven't replaced yet," Grove said. "It's the only DOS machine in the house. It sits in the corner. ... Everybody hopes that it doesn't die."

Back to top


ADDITIONAL INFORMATION

E-waste stats

  • Less than 4% of the total solid waste stream in the United States is composed of computers, televisions, cell phones and other discarded electronics, but "electronic waste" is growing two to three times faster than any other type of waste.
  • Up to 500 million computers -- 62.5 million each year -- will become obsolete and enter the municipal solid waste stream between 2000 and 2007.
  • Only 9% of the 2.2 billion tons of the e-waste generated in 2000 were recovered for reuse or recycling.

Source: Environmental Protection Agency

Back to top


Paper chase

Do you want to free up office space or eliminate the expense of storing paper-based patient records by tossing them?

Before you do, make sure it's OK to get rid of the paper, said Carol Quinsey, a manager of professional practice resources at the American Health Information Management Assn., a Chicago-based industry group.

"A few states still require that the paper record be kept, but those are mostly being challenged by various people saying, 'Wait a minute. This is ridiculous. We can produce it on paper if that's what you want us to do, but we shouldn't have to keep it on paper because it's getting costly ... to store paper records,' '' she said.

Most states don't require that doctors keep their records on paper, though they do require that records be retained for a specific period, which varies from state to state. Doctors can transfer paper records to microfiche, CD-ROM or DVD. After the transfer is completed, "the paper then can be disposed of at any time as long as it is disposed of in appropriate ways," Quinsey said. Typically, that means burning, shredding or pulping the records in chemicals, she added.

AHIMA recommends that physicians outsource the destruction of paper records to a third party rather than doing it themselves. That's because doctors will receive a certificate of destruction or disposal from the third party, which would come in handy later if a question arises about whether they properly disposed of their records, Quinsey said.

Back to top


Sell, donate, recycle; just keep e-waste out of the dump

Since 2001, Minnesota, Virginia and Arkansas have banned computers, electronics or both from their landfills, and electronic or e-waste legislation was introduced in more than 25 states this year, according to the National Conference of State Legislatures.

This means that selling, donating and recycling computers increasingly will become the only options available to those seeking to unload old hardware.

"Even if your computer can be refurbished and reused [by others], that only puts off its ultimate destination for a couple of years. Sooner or later, it's going to hit the trash heap," said Dan K. Morhaim, MD, a delegate in the Maryland General Assembly and emergency physician who advocates recycling over sales or donations.

A bill Dr. Morhaim introduced requiring computer manufacturers to pay $5,000 annually if they do business in Maryland will become effective Oct. 1. That money will be used to fund a statewide computer recycling program, he said.

Doctors can check whether their local government has a computer-recycling program and if there are fees attached, Dr. Morhaim said. Physicians also can sign up for "asset recovery services," under which some computer manufacturers will erase the hard disk and dispose of PCs.

For example, Dell charges businesses $25 per piece of equipment, which could be a desktop, monitor, laptop or server from any maker or manufacturer, said Caroline Dietz, a Dell spokeswoman. Dell also will recycle a consumer's old PC for $10 per machine, though the service is free to those who buy a new computer, she said.

Back to top


External links

American Health Information Management Assn. on the destruction of patient health information (link)

AHIMA on the protection of patient information after a facility closure (link)

Back to top


ADVERTISEMENT

ADVERTISE HERE


Featured
Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story


Read story

Goodbye

American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story


Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story


Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story


Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story


Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story


Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story


Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story

  • Stay informed
  • Twitter
  • Facebook
  • RSS
  • LinkedIn