Updating your computer systems? Consider the risks

Replacing your old computer systems requires more than just transferring files from one computer to the next. You'll also need to ensure that any patient data that were stored on the old system are completely removed from the hard drive; otherwise you could put yourself at legal risk.

If patient data are exposed because you failed to take precautions when switching systems, you could be fined or imprisoned for violating the privacy and security rules of the Health Insurance Portability and Accountability Act. Patients could also sue you for violating their privacy or for exposing them to identify theft. Moreover, you could face negative publicity for your failure to protect patient information from disclosure, according to American Medical News (9/12/05).

Before disposing of your old computer, transfer or convert your old files over to the new computer. Then, destroy the data on the old system by using one or more of the following techniques: Remove the hard disk and drill a hole through its center; use a free or commercial software program-one that follows the security standards of the Defense Department-to overwrite the data; or run a powerful magnet over the hard disk to "degauss" it. While any one of these methods will erase or destroy data from the hard disk, using more than one method provides extra protection against the disclosure of patient data.