Podiatry Management Online



09/26/2013    Michael L. Brody, DPM

Disposal of Office Computers (Robert E. Sherman, DPM)

It is not the whole computer that you need to
worry about, it is about the storage of data in
the computer. The storage of data is on your hard
drive in your computer. It is also VERY IMPORTANT
to realize that computers are NOT the only devices
that you need to remove sensitive information from
before they leave your office.

There was a recent case where Affinity Health Care
paid a large fine for letting photocopy machines
out the door with patient information on the hard
drives in the copy machines. So the advice I am
providing below is appropriate for any and all
devices that may contain patient information
including but not limited to computers, copy
machines, fax machines and printers.

There are two good ways to give a computer away
without risking exposing patient data to
unauthorized individuals. Those methods include:

• Sanitize the disk using NIST (National
Institute of Standards and Technology) standards;
see http://www.nist.gov and look at Special
Publication 800-88 for guidance on this issue.
This may involve working with an IT specialist.
Another published standard is DoD 5220.22-M, which
has Department of Defense standards for wiping
data. There are many methods of sanitizing a disk.
One is to wipe the disk completely according to
the standards mentioned. A good software tool for
sanitizing hard disks is Active Killdisk
(www.killdisk.com); this is not the only one, and
you can find others with a simple Google search.

• Remove the hard drive from the computer before
giving it away and either put a new hard drive in
the computer or have the person receiving the
computer install the new hard drive. Once the disk
has been removed, shred the disk using a service
that meets the NIST or DoD standards.

In either of these cases, the process will render
the computer unusable because the disk will no
longer contain an operating system. You will need
to use the license key(s) that came with your
computer or that you purchased to re-install the
operating system and any other software. But you
will now have a computer that you can safely give
away. If you are disposing of the computer, you do
not need to re-install the software. You can just
throw it away safely.

Michael L. Brody, DPM, Commack, NY,
mbrody@tldsystems.com


Other messages in this thread:


09/27/2013    Michael L. Brody, DPM

Disposal of Office Computers (Robert E. Sherman, DPM)

I have looked at the website for DBAN, which can
be found at dban.org/. There is a link to this site
on the SourceForge webpage that Dr. Musella
provided.

There are some disclaimers on the website that
make the DBAN software unsuitable for use to erase
Protected Health Information. You can visit the
DBAN website to view them yourself, but for
convenience I am including them in this post:

Darik's Boot and Nuke (DBAN) is free erasure
software designed for consumer use. DBAN users
should be aware of some product limitations,
including:

• No guarantee that data is removed
• Limited hardware support (e.g. no RAID
dismantling)
• No customer support

DBAN is a self-contained boot disk that
automatically deletes the contents of any hard
disk that it can detect. This method can help
prevent identity theft before recycling a
computer. It is also a solution commonly used to
remove viruses and spyware from Microsoft Windows
installations. DBAN prevents all known techniques
of hard disk forensic analysis. It does not
provide users with a proof of erasure, such as an
audit-ready erasure report.

Professional data erasure tools are recommended
for company and organizational users. For secure
data erasure with audit-ready reporting, contact
Blancco or download a free evaluation license.

-----

The Blancco 5 product referenced on the DBAN site
does provide NIST 800-88 compliant erasure and
would be appropriate to use for erasing Protected
Health Information. Please do not rely on the
DBAN product. If you do and the Protected Health
Information is not removed, then you may be at risk
of a HIPAA Breach. The potential costs associated
with a HIPAA Breach far outweigh the costs for a
program that is guaranteed, meets published
specifications, and provides you with an audit
log. There are many products available that meet
the NIST specification; Blancco is one example.

Michael L. Brody, DPM, Commack, NY,
mbrody@tldsystems.com
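
An added example, not part of the original posts and not taken from any product named in them: a read-back check that a wiped drive or drive image contains only zero bytes, returning a small record that can be filed with the disposal paperwork. It assumes the wipe's final pass wrote zeros; the function names and the sample images are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

BLOCK = 1024 * 1024  # read size: 1 MiB


def verify_zeroed(path, block=BLOCK):
    """Read the whole target and report every block that is not all zero bytes."""
    zero = bytes(block)
    sha = hashlib.sha256()
    total = 0
    dirty = []  # byte offsets of blocks that still hold data
    with open(path, "rb") as f:
        while chunk := f.read(block):
            sha.update(chunk)
            if chunk != zero[:len(chunk)]:
                dirty.append(total)
            total += len(chunk)
    return {
        "target": path,
        "bytes_read": total,
        "sha256": sha.hexdigest(),
        "nonzero_blocks": len(dirty),
        "nonzero_block_offsets": dirty[:20],  # first few, to keep the record short
        "verified_clean": total > 0 and not dirty,
        "checked_at_utc": datetime.now(timezone.utc).isoformat(),
    }


def make_image(size, leftover=None):
    """Constructed sample input: a zero-filled image, optionally with leftover bytes."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(bytes(size))
        if leftover:
            offset, data = leftover
            f.seek(offset)
            f.write(data)
    return path


if __name__ == "__main__":
    clean = make_image(3 * BLOCK)
    missed = make_image(3 * BLOCK, leftover=(2 * BLOCK + 100, b"PATIENT: constructed sample"))
    for p in (clean, missed):
        print(json.dumps(verify_zeroed(p), indent=2))
        os.remove(p)
```

The check reads only the sectors the operating system exposes, so it supplements the report from the erasure tool and does not replace it.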