As a therapist, you store sensitive client information on your desktop computer, laptop, tablet or even smartphone.
One of the key moments where data becomes vulnerable is when you dispose of old IT equipment.
You cannot just copy and then dump data; there is a duty of care for the total life cycle of the equipment, including disposal.
Client information such as informed consent forms, medical histories, treatment plans and other consultation forms, as well as contact details, is at the core of your business. It is protected by GDPR and, frankly, not something you want to go astray. Make sure that you keep it safely in the cloud or, alternatively, stored securely.
MY CLIENT’S DATA IS IN THE CLOUD. HOW DO I DELETE THIS SECURELY?
If you are using iPEGS paperless forms, securely deleting data from the cloud is simple. You need no special software, reformatting, resetting, or specialist IT security consultants. You can delete data permanently on request at the push of a button, as clients are able to request this from you as data collector.
If you use another provider, you should contact them for advice on how to securely delete this data.
MY DATA IS ON MY DEVICE, NOT ON THE CLOUD
If you store your data off cloud, at first glance deleting files, formatting or factory resetting hardware should do the trick. Unfortunately, that is not always the case.
The delete file button does not really erase files; it just takes them out of sight. Anyone with a little knowledge can easily recover these files.
If you have clients’ phone numbers and email addresses on your phone (and who doesn’t?), disposal is a huge responsibility.
DONATING OLD PHONES OR TABLETS
If you have ever sold or passed a mobile phone or tablet on, what happened to all the data that was on the device? Even activating the factory reset on mobile phones and tablets isn’t always the end of it.
You may think you are doing the right thing by donating your old phone to organisations like Oxfam or Fonebank, but without the proper precautions you could put clients’ data at risk.
YOU MUST BE SURE THAT ALL PREVIOUS DATA IS UNRECOVERABLE BY THIRD PARTIES
Where is my client’s data?
Desktop and laptop computers store data on an internal hard drive. Most of us are familiar with that. Don’t forget that you may also have clients’ data stored on USB drives, USB sticks or even CDs.
Some mobile phones and tablets have internal SD cards not dissimilar to the ones you can buy to add memory or save photos.
DELETE OR DESTROY?
When you delete your data, it may no longer be easily available. However, traces of data remain in places that aren’t always apparent.
If you move an item to the recycle bin, perform a ‘quick format’ on your hard drive or factory reset your device, you may consider the data deleted, but the deletion isn’t complete.
For a home computer, this is generally an adequate method for removing your personal data in most situations.
Formatting your device recreates the data structures and file system.
You can delete data by reformatting; unfortunately, it could still be recovered easily.
HOW DO I MAKE SURE MY DATA CAN NEVER BE RESTORED, EVEN BY PROFESSIONALS?
Employ an IT security specialist.
There are many companies which will securely delete data for you from a range of devices. These organisations will destroy or overwrite data on your behalf.
Companies such as Secure IT Services Ltd, for example, use the InfoSec Standard No: 5 approved Blancco programme, as do other companies in the sector. This is the gold standard but is costly.
They are able to return, reuse or recycle your device after they have securely deleted your data.
Before you send a device to be wiped, it is wise to restore it to factory settings. When your machine is returned, you should confirm your data has been removed securely.
All this takes time and money, but it is the most effective method of removing data.
Using an overwriting programme can be cheaper and you can continue to use the device once the process is complete.
Overwriting large hard drives takes time, and this may need to be done multiple times. However, it may be impossible to remove all data from the device.
Where do I find overwriting software?
You can easily find programmes which offer secure deletion of data. Some are free to download; however, you should make sure the software comes from a reputable source and check user reviews against the claims that it makes.
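The difference between deleting, quick formatting and overwriting can be shown with a small model. This is an added example, not part of the original article and not any vendor's software: ToyDisk, its methods and the client record are constructed for illustration and do not represent a real file system.

```python
# Toy model of a storage device (constructed for illustration only).
BLOCK = 32
RECORD = b"Client: J. Example, 07700 900123"  # constructed sample record

class ToyDisk:
    def __init__(self, nblocks=8):
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]  # raw storage
        self.index = {}  # file name -> block number (file system structures)

    def write_file(self, name, data):
        used = set(self.index.values())
        free = next(i for i in range(len(self.blocks)) if i not in used)
        self.blocks[free] = data.ljust(BLOCK, b"\0")[:BLOCK]
        self.index[name] = free

    def delete_file(self, name):
        # "Delete" only drops the index entry; the block content stays put.
        del self.index[name]

    def quick_format(self):
        # Recreates empty file system structures without touching the blocks.
        self.index = {}

    def overwrite_all(self, passes=1):
        # Overwriting replaces the content of every block with zeros.
        for _ in range(passes):
            self.blocks = [bytes(BLOCK) for _ in self.blocks]

    def residual_blocks(self):
        # Verification step: list blocks that still hold any non-zero byte.
        return [i for i, b in enumerate(self.blocks) if any(b)]

def demo():
    disk = ToyDisk()
    disk.write_file("consent_form.txt", RECORD)
    results = {}
    disk.delete_file("consent_form.txt")
    results["after_delete"] = (list(disk.index), disk.residual_blocks())
    disk.quick_format()
    results["after_format"] = (list(disk.index), disk.residual_blocks())
    disk.overwrite_all()
    results["after_overwrite"] = (list(disk.index), disk.residual_blocks())
    return results

if __name__ == "__main__":
    for stage, (files, leftover) in demo().items():
        print(stage, "| visible files:", files, "| blocks with data:", leftover)
```

After the delete and after the quick format, no file is visible but the block holding the record is still populated; only the overwrite leaves nothing for the verification scan to find.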
USE A SLEDGEHAMMER
You may well decide that it is cheaper and less hassle just to destroy the hardware. Even this is not as simple as it may appear at first glance.
You may well only want to remove the client data, not have to buy a new computer.
If you take a sledgehammer to your device, you can’t just sweep up the yard and dump it into the bin. The debris from mobile phones and tablets, and the batteries in particular, raise extra health, safety and environmental concerns.
You can try restoring factory settings.
Many devices offer a function to ‘Restore to factory settings.’ This will return the device to the state in which you bought it. This mostly applies to tablets and smartphones.
The reset process must include a secure wiping stage. Not all devices include this process. You should check with the device manufacturer.
THERE MUST BE AN EASIER WAY?
If, having read this, you feel that it might be wiser to stick to therapy and not take up IT security as a part-time job, then why not look at our website and see how iPEGS can help you manage your forms and data?
By using the iPEGS Paperless System for your Consultation Forms, Consent Forms, Medical Histories and Treatment Plans, you can be sure that your data is safe. As the data processor, we store and encrypt your data in a secure, state-of-the-art UK data centre. We are Cyber Essentials Certified, giving you peace of mind that our defences will protect against the most common cyber-attacks. We have achieved the IASME governance standard in relation to GDPR, where we have demonstrated wider governance for management of the controls protecting personal data.
I’m interested. How do I get started?
If you would like to know more, simply email me directly: steve @ipegs.co.uk or call me on 01244 955350.