Moore's law, named after Intel co-founder Gordon Moore, states that computing horsepower doubles roughly every two years for the same physical size and price. It has held true for nearly 40 years. A corollary to Moore's law is that all computer-related devices and peripherals also continue to explode in capacity while becoming less expensive. Devices available and in use today were prohibitively expensive or downright unavailable just 5-10 years ago.
Portable data storage devices — specifically USB hard drives, including pocket "flash" or "thumb" drives — are a classic example. Just five years ago, a 60 or 80 GB internal hard drive was considered standard on a mid-range workstation, and 160 GB was at the upper range of what was available. And 10 years ago, a one terabyte hard drive system would have cost upwards of $100,000 and would have been about twice the size of an old fashioned VCR deck.
Today, a USB thumb drive can have a capacity of 32 GB or more and you can get them molded into and contained in a variety of shapes and formats, including miniature guitars, beer bottle openers, Swiss Army knives, Legos and even sushi. In fact, Amazon lists over 27,000 flash drives on its site. If you need more storage space, you can get a 1 TB USB external hard drive that is smaller than a paperback for under $100.
With that low cost, high capacity and portability, what's not to like? Just as with most issues in technology, there is a downside. In fact, for healthcare there are several.
First, with the small size, the most obvious risk is loss of the drives themselves. They can easily fall out of a purse or pocket or backpack, without the user even knowing. If the drive contains critical data, that could spell disaster. And since they have such a high capacity, it is easy to forget what data files are on the drive.
Second, the components of both flash drives and portable USB drives are small and cheap and therefore have a limited life. The shock and vibration of carrying them around, not to mention heat/cold cycles when they are left in a car or stored in the cargo vault of an airliner, can significantly shorten the lifespan of the drive and led to data loss.
Third, the technology may allow someone to copy patient files off a server and onto a portable drive and walk out of the facility with EPHI. In fact, In a recent true example, a radiologist left an imaging company, stole patient files and then contacted the patients after he went to work at a new facility. This represented not only a HIPAA violation, but a breach of employment and confidentiality covenants. The facility has sued the radiologist and had to contact all the patients involved.
This points out the disadvantage of portable electronic media and electronic patient files in general. If someone were to walk out of an ASC with huge boxes of files, it would raise obvious questions. But a person can walk out with thousands of records literally in the palm of their hand. In fact, the 1 TB drive mentioned above for under $100 could store up to 50 million pages of documents. That could easily represent a million patient medical files.
In large corporations and government entities where security is an extreme issue, many IT departments disable USB ports entirely and prohibit employees and contractors from bringing portable media onto the premises. Unfortunately in healthcare settings, many medical devices and sensors communicate with the computer network via USB, so disabling USB ports is generally not feasible.
You should work with your management staff and your IT resources to review your policies on this subject and make sure you are not vulnerable to the risks represented by portable media and USB drives.
Marion K. Jenkins, PhD, is founder and CEO of QSE Technologies, which provides IT consulting and implementation services for ASCs and other medical facilities nationwide. Learn more about QSE Technologies at www.qsetech.com.
Portable data storage devices — specifically USB hard drives, including pocket "flash" or "thumb" drives — are a classic example. Just five years ago, a 60 or 80 GB internal hard drive was considered standard on a mid-range workstation, and 160 GB was at the upper range of what was available. And 10 years ago, a one terabyte hard drive system would have cost upwards of $100,000 and would have been about twice the size of an old fashioned VCR deck.
Today, a USB thumb drive can have a capacity of 32 GB or more and you can get them molded into and contained in a variety of shapes and formats, including miniature guitars, beer bottle openers, Swiss Army knives, Legos and even sushi. In fact, Amazon lists over 27,000 flash drives on its site. If you need more storage space, you can get a 1 TB USB external hard drive that is smaller than a paperback for under $100.
With that low cost, high capacity and portability, what's not to like? Just as with most issues in technology, there is a downside. In fact, for healthcare there are several.
First, with the small size, the most obvious risk is loss of the drives themselves. They can easily fall out of a purse or pocket or backpack, without the user even knowing. If the drive contains critical data, that could spell disaster. And since they have such a high capacity, it is easy to forget what data files are on the drive.
Second, the components of both flash drives and portable USB drives are small and cheap and therefore have a limited life. The shock and vibration of carrying them around, not to mention heat/cold cycles when they are left in a car or stored in the cargo vault of an airliner, can significantly shorten the lifespan of the drive and led to data loss.
Third, the technology may allow someone to copy patient files off a server and onto a portable drive and walk out of the facility with EPHI. In fact, In a recent true example, a radiologist left an imaging company, stole patient files and then contacted the patients after he went to work at a new facility. This represented not only a HIPAA violation, but a breach of employment and confidentiality covenants. The facility has sued the radiologist and had to contact all the patients involved.
This points out the disadvantage of portable electronic media and electronic patient files in general. If someone were to walk out of an ASC with huge boxes of files, it would raise obvious questions. But a person can walk out with thousands of records literally in the palm of their hand. In fact, the 1 TB drive mentioned above for under $100 could store up to 50 million pages of documents. That could easily represent a million patient medical files.
In large corporations and government entities where security is an extreme issue, many IT departments disable USB ports entirely and prohibit employees and contractors from bringing portable media onto the premises. Unfortunately in healthcare settings, many medical devices and sensors communicate with the computer network via USB, so disabling USB ports is generally not feasible.
You should work with your management staff and your IT resources to review your policies on this subject and make sure you are not vulnerable to the risks represented by portable media and USB drives.
Marion K. Jenkins, PhD, is founder and CEO of QSE Technologies, which provides IT consulting and implementation services for ASCs and other medical facilities nationwide. Learn more about QSE Technologies at www.qsetech.com.