CBL Data Recovery Media Coverage


Discarding Dangers

Article: Advance for Directors in Rehabilitation — May 17, 2007

Author: Tim Margeson
General Manager
CBL Data Recovery Technologies Inc.

Removing sensitive patient data from old computers is essential to protect health information.

Data privacy in today’s age of the Internet, online information repositories and e-government has become more complex, particularly in health care environments. Securing protected health information (PHI) is no longer as simple as locking a file folder in a cabinet.

Patient data such as drug regimens, psychological history or diagnostic images (including X-rays and ultrasounds) is now distributed across physical buildings and computers as health care professionals consult with one another and collaborate via e-mail and networks. As such, it is increasingly difficult to track where patient information is actually being stored. One certainty is that patient data stored on computers, whether PCs and laptops in private physician practices or servers in a specific department, will eventually be discarded or redeployed for another purpose.

Under HIPAA rules, health care organizations must understand the flow of PHI and have mechanisms in place to secure access to that data. Taking this a step further means discarding computers in a manner that prevents others from gaining unauthorized access to confidential PHI.

Normally, the primary concern of most health care organizations is to ensure that data is available to staff when it’s needed. However, discarding old computers requires you to destroy confidential data so it does not fall into the wrong hands.

Data is a lot like DNA. It can be inherited. It can mutate. Typical computers used in health care contain confidential material such as patient records, accounting records, X-rays, diagnostic images and much more. To a data-recovery expert they are nothing more than “0s” and “1s” organized on the computer’s hard disk drive and much easier to retrieve than one might think.

Sometimes computers are turned in for newer models when leases expire, and sometimes they are simply “inventoried” and placed in a storage room to gather dust. Often old computers are donated to charity, auctioned off or sold to the general public with the data still residing on the hard drives.

Whether discarded individually or en masse, it is entirely possible that these computers still contain PHI. Much of that data could be software applications and trivial information, but frequently the information remaining on these computers can be extremely sensitive.

Lost, but not irretrievable
Data on computers, despite apparent loss due to natural disaster, equipment failure, human error or security breaches, is rather resilient. Data often thought irrevocably lost can be retrieved by data-recovery specialists. Likewise, data thought to be deleted from a system is often still resident on a discarded computer’s hard drive.

Data removal procedures must go beyond simply deleting a file from the computer user's desktop. Individuals who come into possession of previously used systems can reconstruct data even after the storage media has apparently been erased, for example by deleting files or reformatting the drive.

What many users don't realize is that when most computers delete a file, the contents of the file are not actually removed. The file system simply drops the directory entry that pointed to the file and marks the sectors it occupied as free; the bytes themselves remain on the disk until the operating system happens to reuse those sectors for new data.

To make sure a deleted file is actually gone, the data sectors it occupied must be overwritten. Until the old data is overwritten by new information, it can be recovered by programs that read disk sectors directly and ignore the file system, such as forensic software, commercially available data-retrieval software or the techniques used by data-recovery laboratories. As a result, data thought to be deleted may remain on the drive.

There are a number of ways to ensure the destruction or inaccessibility of data on hard drives. As detailed in the following sections, wiping, degaussing, clearing and media destruction are among the methods that have been employed to safeguard against disclosure of sensitive information.

Wiping
Wiping, that is, overwriting every addressable sector of a computer's hard drive or a removable storage device with software, is the most practical method of data destruction when the hardware is to leave the organization or be reused, and, done properly, it is intended to prevent the data from being reconstructed even through laboratory techniques. Wiping is essential when hardware containing sensitive data is moved from a secure facility to a non-secure facility or environment. Software-based data destruction methods are inexpensive and easy to use for the average computer user. One caveat: an overwrite only reaches the sectors the drive allows software to address. Sectors the drive has silently remapped as failing, and the remapped cells of solid-state storage, are not covered, which is one reason highly sensitive media is often degaussed or physically destroyed in addition to being wiped.

Software used for data purging is available on the market from a number of vendors.

Degaussing
A more severe approach to data erasure is degaussing, which exposes the drive to a strong magnetic field that erases the magnetic media. Because the same field also erases the servo tracks the drive needs to position its heads, degaussing usually renders the drive inoperable. As a result, degaussing prevents computers from being recycled for educational use, charitable donation or resale to the general public. The sensitivity of the data stored on the computer and the feasibility of software purging should be weighed before one makes the decision to degauss hard drives.

Clearing
A less extreme form of data erasure is clearing: the removal of sensitive data from storage devices in such a way that there is assurance, proportional to the sensitivity of the data, that the data cannot be reconstructed using normal system capabilities. Clearing is appropriate when the storage media is reused within the same computer and the same office. For example, if the computer is simply being cleaned up for a new staff member taking over from a departing staff member, it remains in the same controlled environment.

Clearing can be accomplished by overwriting the unallocated storage space on the disk. A single overwrite of a file, or of all unallocated storage, is usually enough to make sure that previous information cannot be rebuilt with normal system capabilities.

As mentioned earlier, simply deleting a file only removes the directory pointers to the file; the digital information is still on the disk until overwritten. Even reformatting or repartitioning a hard drive is not enough to guarantee that the files are completely gone, even though the end user can no longer browse them or open them with an application.
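The behaviour described in the deletion and clearing passages above can be made concrete with a small model of a disk: a raw area of sectors, an allocation bitmap and a directory. This is an added illustration, not code from the article or from CBL; the sector layout, the file names and the sample patient record are all constructed for the example. It shows that an ordinary delete and a quick format leave the bytes on the media where a sector-level search (file carving) still finds them, that a single overwrite of the unallocated space (clearing) removes them, and that overwriting a file's sectors before deleting it (wiping a file) does the same.

```python
"""Why 'delete' is not 'destroy': a toy disk with an allocation bitmap and a
directory, the forensic-style carving that recovers data from freed sectors,
and the overwriting that actually removes it.

Added illustration; the disk layout and sample record are constructed here.
"""
import os
import re

SECTOR_SIZE = 16     # bytes per sector; tiny so the whole disk is inspectable
SECTOR_COUNT = 64    # a 1 KiB "drive"


class Disk:
    def __init__(self):
        self.media = bytearray(SECTOR_SIZE * SECTOR_COUNT)  # raw platter contents
        self.allocated = [False] * SECTOR_COUNT             # allocation bitmap
        self.directory = {}                                 # name -> list of sectors

    def _sector(self, n):
        return slice(n * SECTOR_SIZE, (n + 1) * SECTOR_SIZE)

    def write_file(self, name, data):
        needed = -(-len(data) // SECTOR_SIZE)   # ceiling division
        free = [n for n, used in enumerate(self.allocated) if not used]
        if len(free) < needed:
            raise OSError("disk full")
        sectors = free[:needed]
        for i, n in enumerate(sectors):
            chunk = data[i * SECTOR_SIZE:(i + 1) * SECTOR_SIZE]
            self.media[self._sector(n)] = chunk.ljust(SECTOR_SIZE, b"\x00")
            self.allocated[n] = True
        self.directory[name] = sectors

    def read_file(self, name):
        return b"".join(bytes(self.media[self._sector(n)]) for n in self.directory[name])

    def delete_file(self, name):
        """An ordinary delete: drop the directory entry and free the bitmap bits.
        The sectors themselves are not touched."""
        for n in self.directory.pop(name):
            self.allocated[n] = False

    def quick_format(self):
        """A quick format: fresh directory and bitmap, media left exactly as it was."""
        self.directory = {}
        self.allocated = [False] * SECTOR_COUNT

    def carve(self, pattern):
        """What a sector-level recovery tool does: ignore the file system and search
        the raw contents of unallocated sectors for a known pattern. (The freed
        sectors are contiguous in this demo; real carvers also handle fragmentation.)"""
        freed = b"".join(bytes(self.media[self._sector(n)])
                         for n in range(SECTOR_COUNT) if not self.allocated[n])
        return re.search(re.escape(pattern), freed) is not None

    def clear_free_space(self, fill=b"\x00"):
        """'Clearing': a single overwrite of every unallocated sector."""
        for n in range(SECTOR_COUNT):
            if not self.allocated[n]:
                self.media[self._sector(n)] = fill * SECTOR_SIZE

    def wipe_file(self, name):
        """'Wiping' one file: overwrite its sectors with random bytes, then delete it."""
        for n in self.directory[name]:
            self.media[self._sector(n)] = os.urandom(SECTOR_SIZE)
        self.delete_file(name)


def demo():
    """Walk through delete -> carve -> format -> clear -> wipe; report what was recoverable."""
    record = b"PATIENT: Jane Doe  DX: depression  RX: sertraline 50mg"  # constructed sample PHI
    marker = b"sertraline"
    d = Disk()
    results = {}

    d.write_file("chart.txt", record)
    d.delete_file("chart.txt")
    results["listed_after_delete"] = "chart.txt" in d.directory   # False: the user cannot see it
    results["carved_after_delete"] = d.carve(marker)              # True: the bytes are still there

    d.write_file("notes.txt", record)       # lands on the freed sectors
    d.quick_format()
    results["carved_after_format"] = d.carve(marker)              # True: format erased nothing

    d.clear_free_space()
    results["carved_after_clear"] = d.carve(marker)               # False: one overwrite sufficed

    d.write_file("chart2.txt", record)
    d.wipe_file("chart2.txt")
    results["carved_after_wipe"] = d.carve(marker)                # False: overwritten before delete
    return results


if __name__ == "__main__":
    for step, recoverable in demo().items():
        print(f"{step:22s} {recoverable}")
```

On a real drive the same distinction holds, but the overwrite must reach the physical sectors: journaling file systems, copy-on-write storage and solid-state drives may write new data elsewhere and leave the old copy in place, which is why whole-device wiping or destruction is preferred over per-file overwrites when media leaves a controlled environment.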

Ultimate destruction
In extreme cases where the destruction of data must be guaranteed and any chance of retrieval eliminated, physical destruction of the hardware is the surest course of action.

Media may be destroyed by a number of methods, including applying an abrasive substance to magnetic disk or drum recording surfaces. Corrosive chemicals can have the same effect; in either case, the entire recording surface must be completely removed before disposal. The drive (or the entire computer, for that matter) can also be destroyed by smelting, disintegration or incineration at a metal destruction facility.

Note that even if you decide to destroy the hardware completely, it is still a good idea to purge media before submitting it for destruction.

Hold on a second
While making sure sensitive data does not fall into the wrong hands should be established policy, it is equally important to confirm that the data is no longer needed before destroying it. If it is still needed, make sure it exists on another computer or server.

Before disposing of any computer hardware, back up the data to a secure location. Just because the computer is no longer needed doesn't mean the data isn't still required, and that data may not be found anywhere else in the organization. You may also discover legal requirements for retaining certain information, including medical records, long after the patient has left the facility.

Ultimately, however, the safeguarding of protected health information is critical and properly removing this sensitive information from computer hard drives must be incorporated within any other security and privacy policies and processes.

Mr. Margeson is general manager of CBL Data Recovery Technologies, an international provider of data recovery services to consumer, enterprise and public-sector clients who experience data loss disasters. He can be reached at: 1.800.551.3917 www.cbldatarecovery.com