test Browse by Author Names Browse by Titles of Works Browse by Subjects of Works Browse by Issue Dates of Works
       

Advanced Search
Home   
 
Browse   
Communities
& Collections
  
Issue Date   
Author   
Title   
Subject   
 
Sign on to:   
Receive email
updates
  
My Account
authorized users
  
Edit Profile   
 
Help   
About T-Space   

T-Space at The University of Toronto Libraries >
Journal of Medical Internet Research >
Volume 9 (2007) >

Please use this identifier to cite or link to this item: http://hdl.handle.net/1807/16637


Title: An Evaluation of Personal Health Information Remnants in Second-Hand Personal Computer Disk Drives
Authors: El Emam, Khaled
Neri, Emilio
Jonker, Elizabeth
Keywords: Original Paper
Privacy
confidentiality
security
data disclosure
Issue Date: 30-Sep-2007
Publisher: Gunther Eysenbach; Centre for Global eHealth Innovation, Toronto, Canada
Citation: Khaled El Emam, Emilio Neri, Elizabeth Jonker. An Evaluation of Personal Health Information Remnants in Second-Hand Personal Computer Disk Drives. J Med Internet Res 2007;9(3):e24 <URL: http://www.jmir.org/2007/3/e24/>
Abstract: [This item is a preserved copy and is not necessarily the most recent version. To view the current item, visit http://www.jmir.org/2007/3/e24/ ] Background: The public is concerned about the privacy of their health information, especially as more of it is collected, stored, and exchanged electronically. But we do not know the extent of leakage of personal health information (PHI) from data custodians. One form of data leakage is through computer equipment that is sold, donated, lost, or stolen from health care facilities or individuals who work at these facilities. Previous studies have shown that it is possible to get sensitive personal information (PI) from second-hand disk drives. However, there have been no studies investigating the leakage of PHI in this way. Objectives: The aim of the study was to determine the extent to which PHI can be obtained from second-hand computer disk drives. Methods: A list of Canadian vendors selling second-hand computer equipment was constructed, and we systematically went through the shuffled list and attempted to purchase used disk drives from the vendors. Sixty functional disk drives were purchased and analyzed for data remnants containing PHI using computer forensic tools. Results: It was possible to recover PI from 65% (95% CI: 52%-76%) of the drives. In total, 10% (95% CI: 5%-20%) had PHI on people other than the owner(s) of the drive, and 8% (95% CI: 7%-24%) had PHI on the owner(s) of the drive. Some of the PHI included very sensitive mental health information on a large number of people. Conclusions: There is a strong need for health care data custodians to either encrypt all computers that can hold PHI on their clients or patients, including those used by employees and subcontractors in their homes, or to ensure that their computers are destroyed rather than finding a second life in the used computer market.
Description: Reviewer: Abdel Malik, Philip
Reviewer: Chhanabhai, Prajesh
URI: http://dx.doi.org/ 10.2196/jmir.9.3.e24
http://hdl.handle.net/1807/16637
ISSN: 1438-8871
Rights: © Khaled El Emam, Emilio Neri, Elizabeth Jonker. Originally published in the Journal of Medical Internet Research (http://www.jmir.org, 30.09.2007). Except where otherwise noted, articles published in the Journal of Medical Internet Research are distributed under the terms of the Creative Commons Attribution License (http://www.creativecommons.org/licenses/by/2.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited, including full bibliographic details and the URL (see "please cite as" above), and this statement is included.
Appears in Collections:Volume 9 (2007)

Files in This Item:

File Description SizeFormat
jmir.html65.36 kBHTMLView/Open

Items in T-Space are protected by copyright, with all rights reserved, unless otherwise indicated.

uoft