EMR Data Security – Product Recommendations

The following are some products we use regularly – and recommend to our clients.  They are usually free to use and are very well known.

 

7Zip (http://www.7-zip.org/) – FREE

7Zip is a free, well-known program that automatically applies 256-bit encryption when you put a password on an archive.  It is easy to use, much like the WinZip that was popular years ago.  Its two main advantages are that it is free and that the 256-bit encryption is automatic.  It is great for encrypting a small number of files into one file before emailing it or sharing it with others.

TrueCrypt (http://www.truecrypt.org/) – FREE

TrueCrypt is a great program for encrypting entire hard drives or creating encrypted containers on them.  This is ideal if you want a large encrypted container that you can mount and store files in.  TimeAcct has easy-to-follow documentation on using TrueCrypt.  If you would like a copy, just contact us at info@timeacct.com and we will happily send you the document.

Eraser (http://eraser.heidi.ie/) – FREE

When you delete a file on Windows (or Mac/Linux for that matter), the operating system does not actually delete the file.  All it does is mark the file as deleted.  It is fairly easy to recover deleted files, sometimes even after they have been overwritten with other data.  In order to meet government requirements for properly destroying files, you need to use a program like Eraser.  It overwrites the file data up to 7 times, following proper processes for data destruction.  If you do not use a program like Eraser on a hard drive, then you are most likely not meeting your legal requirements under PIPEDA (or similar legislation) in Canada.

Note: if you are dealing with removable hard drives, USB keys, etc., we would recommend using this program and then physically destroying the drive (driving nails through it, for example) before disposing of it.
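To make concrete what a tool like Eraser does to a file, here is an added example written for this page (not Eraser's own source, and not code from TimeAcct): a Go routine that overwrites a regular file in place several times with fresh random data, syncing after each pass, then truncates it, gives it a random name and unlinks it.  The pass count, the 64 KiB buffer and the name scrubbing are this example's own choices.  One caveat worth keeping in mind: on SSDs and on journaling or copy-on-write filesystems, older copies of the data can survive in-place overwriting, which is why for removable drives this is a supplement to, not a replacement for, the physical destruction recommended in the note above.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// DefaultPasses mirrors the "up to 7" overwrite passes the post mentions for Eraser.
const DefaultPasses = 7

// SecureErase overwrites every byte of a regular file `passes` times with fresh
// random data, forcing each pass to disk, then truncates it, gives it a random
// name and unlinks it. It returns the number of bytes overwritten per pass.
func SecureErase(path string, passes int) (int64, error) {
	info, err := os.Lstat(path)
	if err != nil {
		return 0, err
	}
	// Only regular files: following a symlink or opening a device is not what we want.
	if !info.Mode().IsRegular() {
		return 0, fmt.Errorf("%s: not a regular file", path)
	}
	f, err := os.OpenFile(path, os.O_WRONLY, 0)
	if err != nil {
		return 0, err
	}
	defer f.Close()
	// Make sure the file we opened is the one we inspected (closes the Lstat/Open race).
	if fi, err := f.Stat(); err != nil || !os.SameFile(info, fi) {
		return 0, fmt.Errorf("%s: file changed between stat and open", path)
	}
	size := info.Size()
	buf := make([]byte, 64*1024)
	for pass := 0; pass < passes; pass++ {
		if _, err := f.Seek(0, io.SeekStart); err != nil {
			return 0, err
		}
		for left := size; left > 0; {
			n := int64(len(buf))
			if left < n {
				n = left
			}
			if _, err := rand.Read(buf[:n]); err != nil {
				return 0, err
			}
			if _, err := f.Write(buf[:n]); err != nil {
				return 0, err
			}
			left -= n
		}
		// Sync so each pass reaches the device rather than sitting in the page cache.
		if err := f.Sync(); err != nil {
			return 0, err
		}
	}
	// Zero length hides the original size; a random name hides the original name,
	// since the directory entry can outlive the data.
	if err := f.Truncate(0); err != nil {
		return 0, err
	}
	if err := f.Close(); err != nil {
		return 0, err
	}
	var rnd [8]byte
	if _, err := rand.Read(rnd[:]); err != nil {
		return 0, err
	}
	scrubbed := filepath.Join(filepath.Dir(path), "."+hex.EncodeToString(rnd[:]))
	if err := os.Rename(path, scrubbed); err != nil {
		return 0, err
	}
	return size, os.Remove(scrubbed)
}

func main() {
	tmp, err := os.CreateTemp("", "emr-export-*.txt")
	if err != nil {
		panic(err)
	}
	tmp.WriteString("constructed sample export, not real patient data\n") // constructed
	tmp.Close()
	n, err := SecureErase(tmp.Name(), DefaultPasses)
	fmt.Printf("overwrote %d bytes x %d passes, err=%v\n", n, DefaultPasses, err)
	_, statErr := os.Stat(tmp.Name())
	fmt.Println("file gone:", os.IsNotExist(statErr))
}
```

The routine refuses anything that is not a regular file, so it will not follow a symlink onto something else, and it re-checks the opened file against the one it inspected before writing.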

EMR Data Security #3: EMAIL – The Dangers of Gmail and Other Email Technology

This is another situation we deal with far too often.  We are all so used to communicating by email that we use it without really understanding the underlying technology.  Because we validate doctors' and clinics' data during the extraction and conversion process, there are times when we need a copy of the original medical record to compare against what we have extracted.  In one case last year, a doctor simply exported the record and emailed it to us as free text.  It contained the patient demographics and the full medical record.  This in itself violates Canadian law, as the doctor breached patient privacy by sending the record over the internet without any encryption.  It was made even worse by the use of Gmail: Gmail parses the email and stores it on its servers, which are all based in the USA.  So not only was the record sent without encryption, it was now stored outside of Canada.  The doctor was horrified when we explained what he had done, but the damage was done.

First, no medical record information should be sent via email without very strong encryption.  See a post below for product recommendations.  Second, no medical office in Canada should use the free email services from Google (Gmail), AOL, Microsoft (Hotmail), etc. for its business.  These providers all host their email systems outside of Canada, which will simply complicate any breach that may occur.

However, it is not just email systems that may cause you issues.  There are other 'personal' technologies that people use without understanding the consequences.  Take, for example, the various cloud services that synchronize data between your computer, your phone and other devices (Apple's iCloud, for example).  These services are usually hosted outside of Canada.  This means that even if you have taken care to use a Canadian-hosted email address, syncing with your phone, tablet, second computer, etc. may store email data outside of Canada and therefore violate Canadian law without your realizing it.

Summary:

1. Do not use foreign email hosts for your office work.  Examples would be Gmail, Hotmail, Yahoo Mail, etc.

2. Be careful of what technologies you use, as there may be unintended consequences.

3. Always encrypt anything regarding patients that you must send via email.

EMR Data Security #2: Removable Storage – Must be Encrypted

We deal with this situation more often than I would like to admit and it takes many forms.  Some examples are:

– The IT staff performs regular backups of the server on which the EMR is installed.  These backups are then taken off site on a regular basis.

– IT staff take a backup of the data and ship it to a vendor for extraction/conversion.

– Old data is stored on external drives to save space.

There are various other situations, but they all have the same issue – patient identifiable data is stored on removable storage that is easily transported or stolen without any encryption.  This is simply illegal.  It does not matter that it is part of a nightly backup, it doesn’t matter that it will only be on the drive for a short period of time, it doesn’t matter that it is ‘old’ data.  All that matters is that it is encrypted and that the patient data is protected.

We have two great examples of the above situations.  The first was a clinic in Nova Scotia that had a locally installed EMR and faithfully backed up their server every night, with a five-drive backup rotation schedule for the best protection.  Each night a drive was taken home by a staff member, and the next day they brought a drive back.  So there was always at least one drive off site at the home of a staff member.  This is a decent IT practice to help protect the clinic from data loss.  The clinic had even hired an IT consultant to set it up for them, the same company that took care of all their IT needs.  The problem was that none of the drives were encrypted and the 'backup' was a clear copy of the data drive on the server.  So each drive contained easily accessible dBase files holding all the patient information in the clinic.  And to make matters worse, it was being taken out of the business environment to the home of one of the staff.  What would have happened if that staff member's home had been broken into?  I would not want to be the doctor making the report to the RCMP about exposing all his medical data because someone stole a drive from the home of a staff member.

Just like the first example, this next one shows how, even with good intentions, you can expose yourself while simply trying to protect the data.  Another clinic had data from an older EMR that they wanted to hold onto.  They had the data scanned into PDFs and held it on a special external hard drive device.  This device contained four hard drives in what is called a RAID 5 configuration, which really just means that if one drive fails, you don't lose your data.  The problem was that, as in many smaller doctors' offices, the doctor's spouse did the accounting from home, and this drive constantly went back and forth between the office and their home.  They had purchased it to protect the data, but had not thought to encrypt it.  The problem they ran into was that they could not simply move the data to a new drive, encrypt the old drive and copy it back.  The information on the old drive would first need to be purged in a secure fashion using a program like Eraser (see Recommended Tools in another post below) in order to meet legal requirements.  As this was a fairly large drive, it was going to take time and effort to solve their problem correctly and reduce their liability moving forward.

Summary:

1. Never put data on removable media unless it is encrypted with a minimum of 256-bit encryption.

2. Make sure your backups are encrypted and well protected.

3. When you destroy the data, take special care to make sure you have done it properly.
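The encryption requirement in this summary, like the advice in the 7Zip and email posts above, boils down to one pipeline: derive a 256-bit key from a passphrase, encrypt with an authenticated mode, and carry or send only the result.  The following Go program is an added example written for this page, not code from TimeAcct or from 7-Zip, and it uses only the standard library: PBKDF2-HMAC-SHA256 for key derivation and AES-256-GCM so that a wrong passphrase or a modified file is rejected rather than silently decrypted to garbage.  The output layout (salt, nonce, ciphertext), the iteration count and the sample text are this example's own choices.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Parameters chosen for this example (assumptions, not values from the post).
const (
	saltLen   = 16     // random salt stored in front of the ciphertext
	nonceLen  = 12     // standard AES-GCM nonce size
	keyLen    = 32     // 256-bit key, the minimum the post asks for
	iterCount = 100000 // PBKDF2 work factor; raise it as hardware allows
)

// pbkdf2SHA256 derives dkLen bytes from a passphrase with PBKDF2-HMAC-SHA256
// (RFC 8018), written out here so the example needs only the standard library.
func pbkdf2SHA256(pass, salt []byte, iter, dkLen int) []byte {
	mac := hmac.New(sha256.New, pass)
	out := make([]byte, 0, dkLen)
	var idx [4]byte
	for block := uint32(1); len(out) < dkLen; block++ {
		binary.BigEndian.PutUint32(idx[:], block)
		mac.Reset()
		mac.Write(salt)
		mac.Write(idx[:])
		u := mac.Sum(nil)              // U1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...) // T = U1
		for i := 1; i < iter; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil) // U_j = PRF(P, U_{j-1})
			for j := range t {
				t[j] ^= u[j] // T ^= U_j
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// newGCM turns a passphrase and salt into an AES-256-GCM instance.
func newGCM(passphrase string, salt []byte) (cipher.AEAD, error) {
	key := pbkdf2SHA256([]byte(passphrase), salt, iterCount, keyLen)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under passphrase. Output layout (this example's own
// format, not 7-Zip's): salt || nonce || AES-256-GCM ciphertext and 16-byte tag.
func Seal(passphrase string, plaintext []byte) ([]byte, error) {
	header := make([]byte, saltLen+nonceLen)
	if _, err := rand.Read(header); err != nil {
		return nil, err
	}
	salt, nonce := header[:saltLen], header[saltLen:]
	gcm, err := newGCM(passphrase, salt)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 0, len(header)+len(plaintext)+gcm.Overhead())
	out = append(out, header...)
	// The header is authenticated as additional data, so altering it fails Open.
	return gcm.Seal(out, nonce, plaintext, header), nil
}

// Open reverses Seal; a wrong passphrase or any modification yields an error
// instead of garbage.
func Open(passphrase string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen+16 {
		return nil, errors.New("blob too short to hold salt, nonce and tag")
	}
	header := blob[:saltLen+nonceLen]
	salt, nonce := header[:saltLen], header[saltLen:]
	gcm, err := newGCM(passphrase, salt)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, blob[saltLen+nonceLen:], header)
}

func main() {
	// Constructed sample text; not a real record.
	record := []byte("constructed sample: demographics and visit notes would go here")
	pw := "long passphrase agreed over the phone"
	blob, err := Seal(pw, record)
	if err != nil {
		panic(err)
	}
	back, err := Open(pw, blob)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(back, record))
	_, err = Open("wrong passphrase", blob)
	fmt.Println("wrong passphrase rejected:", err != nil)
}
```

Whatever tool produces the encrypted file, the passphrase has to reach the recipient by a separate channel (phone, in person), never in the same email or on the same drive as the data it protects.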

EMR Data Security #1: I will just take my old EMR home for Reference

We dealt with this situation a few years ago, when a doctor was converting from one EMR to another.  He wanted to keep his old system for reference, but did not want it taking up space in the office.  So his solution was to take it home with him.  We mentioned to him that doing so would expose him to a lot of liability if he did not first encrypt the disks on the computer he was going to bring home, since it contained medical records.  His response was that he had only used the old EMR for billing and therefore it only contained patient billing information, which did not, in his opinion, violate patient privacy.

This response showed his total lack of understanding of what he was dealing with.  First, the term "just billing information" is anything but.  Billing information in Canada uses ICD-9 codes and links directly to patients.  This means that the billing information the doctor was referring to contains the diagnosis for all his patients!  As well, the tie to the patient was a direct link to the entire patient demographics (name, address, phone, birthdate, sex, health card number, social insurance number, etc.).  Billing data is anything but 'just billing information'!

Aside from diagnosis information in the above example, which would make any privacy breach just that much worse, the demographics information alone is considered personally identifiable information and is protected by both Federal and Provincial legislation.

Another point to consider is that the doctor was moving a business asset out of the business environment and into his home.  Would his insurance company have covered any loss of that hardware, or the liability, if the breach occurred outside of the business premises?  The risks associated with this action far exceed any possible gains on the part of the physician.  Thankfully, once we pointed out these issues, the physician chose to leave the server in his office and, over the course of a year, decommissioned the entire older EMR.

Summary:

1. Almost all data in an EMR should be kept private.

2. Do not take data outside of your business environment unless you have a very good reason.

Welcome to TimeAcct’s SEMRT Blog

Hello Everyone,

Welcome to our blog on Electronic Medical Record Data.  We will be posting various entries here on all aspects of EMR data, in order to encourage discussion on the topic and share our thoughts.

We encourage you to join us – and make posts and comments!

G. Bradley MacDonald

 

Notes:

1. All comments will be held for manual approval.  This will help us deal with SPAM and other issues associated with running a blog on the Internet.

2. The following blog entries are the opinions of the posters, and readers should seek out pertinent professional advice before acting on any suggestions, real or implied.