Protecting patient data

In a modern medical practice, most data is stored electronically. National Privacy Principle 4.1 states:

“An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.”

So when a hard drive belonging to one of our server’s RAID arrays failed, I couldn’t just throw it in the rubbish bin. I had to do my best to prevent any data being recovered from it in the event someone should try. With a working disk I would have used software to overwrite the data on the disk, but in this case more extreme measures were called for.

I labelled the failed drive to make sure I didn’t accidentally destroy one of our working spares
After removing the cover, I drilled a series of holes through the drive platters
The finished product ready for disposal

Although it might still be possible for some data to be recovered from the drive, an organisation with the resources to do so probably already knows more about our patients than they do about themselves.