All posts by TimeAcct

EMR Data Security #2: Removable Storage – Must be Encrypted

We deal with this situation more often than I would like to admit and it takes many forms.  Some examples are:

– The IT staff performs regular backups of the server on which the EMR is installed. These backups are then taken off site on a regular basis.

– IT staff take a backup of the data and ship it to a vendor for extraction/conversion.

– Old data is stored on external drives to save space.

There are various other situations, but they all have the same issue – patient identifiable data is stored on removable storage that is easily transported or stolen without any encryption.  This is simply illegal.  It does not matter that it is part of a nightly backup, it doesn’t matter that it will only be on the drive for a short period of time, it doesn’t matter that it is ‘old’ data.  All that matters is that it is encrypted and that the patient data is protected.

We have two great examples of the above situations. The first was a clinic in Nova Scotia that had a locally installed EMR and they faithfully backed up their server every night – and even had a five drive backup rotation schedule for the best protection. Each night a drive was taken home by a staff member and the next day they brought back a drive. So – there was always at least one drive off site at the home of a staff member. This is a decent IT practice to help protect the clinic from data loss. The clinic had even hired an IT Consultant to set it up for them – the same company that took care of all their IT needs. The problem was that none of the drives were encrypted and the ‘backup’ was a clear copy of the data drive on the server. So – each drive contained easily accessible files (dBase files) that held all the patient information in the clinic. And to make matters worse – it was being taken out of the business environment to the home of one of the staff. What would have happened if that staff member’s home had been broken into? I would not want to be the doctor making the report to the RCMP about exposing all his medical data because someone stole a drive from the home of a staff member.

Just like the first example, this next one shows how, even with good intentions, you can expose yourself when you are simply trying to protect the data. Another clinic had data from an older EMR that they wanted to hold onto. They got the data scanned into PDFs and held it on a special external hard drive device. This device contained four hard drives in what is called a RAID 5 configuration – which really just means that if one drive fails, you don’t lose your data. The problem was that, like many smaller doctors’ offices, the spouse did the accounting from home – and this drive constantly went back and forth between the doctor’s office and their home. They had purchased it to protect the data, but had not thought to encrypt it. The problem they ran into was that they could not simply move the data to a new drive, encrypt the old drive and copy it back. The information on the old drive would first need to be purged in a secure fashion using a program like Eraser (see Recommended Tools in another post below) – in order to meet legal requirements. As this was a fairly large drive – it was going to take time and effort to solve their problem correctly and reduce their liability moving forward.


1.  Never put data on removable media, unless it is encrypted with a minimum of 256-bit encryption.

2. Make sure your backups are encrypted and well protected.

3. When you destroy the data, take special care to make sure you have done it properly.
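
A way to check points 1 and 2 on a mounted backup drive, as an added example that is not from the original post: it flags files that are readable as-is (the dBase and PDF files from the two clinics above, or anything with low byte entropy) and separates them from opaque data. The function names, the 7.5 bits/byte threshold and the sample files are assumptions made for this illustration, and an "opaque" result is consistent with encryption but does not prove it, since compressed data looks the same.

```python
import math
import os
import struct
import tempfile
from collections import Counter
from pathlib import Path

DBASE_VERSIONS = {0x03, 0x83, 0x8B, 0xF5}  # common dBase/FoxPro version bytes
SAMPLE = 4096       # bytes read from the start of each file
ENTROPY_MIN = 7.5   # assumed threshold in bits/byte; files under ~1 KiB cannot reach it

def entropy(data):
    n = len(data)   # Shannon entropy of the byte distribution, in bits per byte
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(head):
    """Label the leading bytes of a file as readable plaintext or opaque."""
    if head.startswith(b"%PDF-"):
        return "plaintext:pdf"
    if (len(head) >= 32 and head[0] in DBASE_VERSIONS
            and 1 <= head[2] <= 12 and 1 <= head[3] <= 31     # last-update month, day
            and int.from_bytes(head[8:10], "little") >= 33):  # header length field
        return "plaintext:dbase"
    if entropy(head) < ENTROPY_MIN:
        return "plaintext:low-entropy"
    return "opaque"  # encrypted or compressed; not proof of encryption

def audit(root):
    """Map each file under root (relative path) to its classification."""
    report = {}
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            report[path.relative_to(root).as_posix()] = classify(fh.read(SAMPLE))
    return report

def demo():
    # Constructed sample "drive": a dBase header, a PDF stub, random ciphertext stand-in.
    samples = {
        "PATIENT.DBF": struct.pack("<4BIHH20x", 0x03, 112, 5, 14, 2, 97, 64),
        "chart.pdf": b"%PDF-1.4\n% constructed sample\n",
        "backup.enc": b"\x00" + os.urandom(SAMPLE - 1),
    }
    with tempfile.TemporaryDirectory() as drive:
        for name, body in samples.items():
            (Path(drive) / name).write_bytes(body)
        return audit(drive)

if __name__ == "__main__":
    print("\n".join(f"{label:22} {path}" for path, label in sorted(demo().items())))
```

Any "plaintext" line in the report means the drive fails point 1 and should not leave the office in that state.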

EMR Data Security #1: I will just take my old EMR home for Reference

We dealt with this situation a few years ago, where a doctor was converting from one EMR to another. He wanted to keep his old system for reference, but did not want it taking up space in the office. So his solution was to take it home with him. We mentioned to him that doing so would expose him to a lot of liability if he did not first encrypt the disks on the computer he was going to bring home – due to it containing medical records. His response was that he only used the old EMR for billing and therefore it only contained the patient billing information, which did not, in his opinion, violate patient privacy.

This response showed his total lack of understanding of what he was dealing with. First, the term “just billing information” is anything but. The billing information in Canada uses ICD9 codes – and a direct link to patients. This means that the billing information the doctor was referring to contains the diagnosis for all his patients! As well, the tie to the patient was a direct link to the entire patient demographics (name, address, phone, birthdate, sex, health card number, social insurance number, etc.). Billing data is anything but ‘just billing information’!

Aside from diagnosis information in the above example, which would make any privacy breach just that much worse, the demographics information alone is considered personally identifiable information and is protected by both Federal and Provincial legislation.

Another point to consider is that the doctor was moving a business asset out of the business environment and into his home. Would his insurance company have covered any loss of that hardware or liability if the breach occurred outside of the business premises? The risks associated with this action far exceed any possible gains on the part of the physician. Thankfully, once we pointed out these issues, the physician chose to leave the server in his office and, over a period of a year, decommissioned the entire older EMR.


1.  Almost all data in an EMR should be kept private.

2. Do not take data outside of your business environment unless you have a very good reason.

Welcome to TimeAcct’s SEMRT Blog

Hello Everyone,

Welcome to our blog on Electronic Medical Record Data. We will be posting various entries here on all aspects of EMR data, in order to encourage discussion on the topic and share our thoughts.

We encourage you to join us – and make posts and comments!

G. Bradley MacDonald



1.  All comments will be held for manual approval.  This will help us deal with SPAM and other issues associated with running a blog on the Internet.

2.  The following blog entries are the opinions of the posters and readers should seek out pertinent professional advice before acting on any suggestions, real or implied.