Total Secure Shredding | (619) 295-5474

Archive | HIPAA


Hard Drive Shred Size – Does it Matter?

Posted on 12 October 2011 by Mike Krauss

Finally, an article that puts the argument of Hard Drive Shred Size to bed!

Just a week ago, I about put myself into a coma by trying to explain the impracticality of trying to recover data from a hard drive that had been physically destroyed.

In short… IT’S IMPOSSIBLE

Ok… it is possible… but in the “I’m going to win the Powerball Lottery” kind of way.

It all comes down to how the data on a hard drive is encoded. Each manufacturer encodes their hard drives differently.  Then, to allow for the most data to be stored on these hard drives, the manufacturers are increasing the “areal density” (how tightly the data is encoded) on the drives.

This equates to extremely complex coding unique to each manufacturer.

But isn’t there something that can read the data off a random discarded piece of a hard drive?

In theory… Yes.

There is a process called magnetic force microscopy (MFM) photography that can see the data in its encoded format.

So then all we have to do is decode it – Right?

Well, not so fast.

First, there is the problem of size. Each one of these pictures would have to be saved somewhere for later decoding. For a 20 gigabyte hard drive, all these MFM “pictures” would take up approximately 16 terabytes.

Then, here’s the fun part, each picture would then have to “be analyzed by an expert to interpret each bit” of information. Just the idea of this puts the notion of hard drive data recovery in the realms of impossible.

But we’re not done.

Now we have to know how the hard drive was encoded so we can know how to decode it.

To decode the data it would be necessary to know the manufacturer of the hard drive and the model of the hard drive. In fact, most likely, one would even need to know the version of the firmware that was used to write the data. Even this information is not enough to decode the data, as one would need access to the manufacturer’s proprietary information concerning how that particular firmware/model drive actually wrote the data to the disk surface.

Still not satisfied that the data on your hard drive is secure after running it through a hard drive shredder?

So even if we had all the information needed to decode the data, any hard drive that has been physically altered (shredded) will have significant damage to portions of the disk’s platters that will make the data impossible to retrieve no matter what.

The only response at this point is that data recovery from a physically destroyed hard drive, especially one that is in pieces, is impossible.

So I guess I need to restate my earlier comment…

You’re probably MORE LIKELY to win the lottery than to have the data from a shredded hard drive restored.

To read the full story as published in Storage & Destruction Business magazine, here’s the link:

“Does Size Really Matter?”

As always, if you have any questions about hard drive shredding or have other document destruction concerns, please feel free to give us a call:

(619) 295-5474

Also, I’d love to hear your feedback about this topic in the comments section below.

Until next time… Keep Totally Secure.

Your friend,

Mike
Head Shredding Guy

P.S. I always knew that data recovery from a shredded hard drive was virtually impossible. But that paragraph in quotes above really eliminates the “virtually” part – Don’t ya think?


Doctor Fined $40,000 for Record Dumping

Posted on 16 September 2011 by Mike Krauss


Don’t think people are paying attention at the recycling center?

It appears a Charlotte, North Carolina doctor recently had to pay out $40,000 for dumping patient files at the local recycling center.

This makes it pretty clear that recycling is not the same as shredding.

1,000 records in 25 boxes containing the personal information of 1,600 patients were dumped by the doctor’s sons in mid-June of 2010.

This comes to a whopping $1,600 per box of records!

Kind of puts the cost of shredding in perspective, doesn’t it? Especially when you could drop off these boxes at a secure shredding facility, such as Total Secure Shredding (for instance), and only pay $4.45 per box. I’d say the total cost of $111.25 for the secure shredding of these 25 boxes pales in comparison to this $40,000 fine.

I’ve personally seen records just dumped off at the recycling center here in good old San Diego. I have to say, not only is this irresponsible with regard to patient information, it also just doesn’t make any sense when you now consider the hefty fines that are being handed out by Attorneys General.

My rule is simple when it comes to deciding whether to shred or not: When in doubt, shred!

After all, why take a risk with your own identity theft or the identity theft of a patient, client, or employee?

As always, if you have any questions about whether you should shred, please feel free to give me a call.

And until next time… Keep Totally Secure.

Your friend,

Mike
Head Shredding Guy
(619) 295-5474

P.S. Here’s the full article if you’d like to check it out: Doctor pays $40,000 fine for dumping 1,600 patients’ medical records


Who’s Going to Audit the HIPAA Auditor

Posted on 18 August 2011 by Mike Krauss

Is anyone overly surprised that when big multinational auditing firms and big bureaucratic government agencies get together, the public they are charged with protecting ends up worse off?

The Federal Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR) are apparently responsible for implementing and policing a couple of Congressional monstrosities known as HIPAA (Health Insurance Portability & Accountability Act) and HITECH (The Health Information Technology for Economic & Clinical Health Act).

Just that last sentence is enough to let you know there is “no good” afoot!

But in any event, these new laws have been put in place to hold health care providers and those who handle personal health information accountable for protecting client data. We all agree that protecting this data is important. However, only time will tell if this new bureaucracy will succeed in protecting patients – I for one have my doubts.

With that in mind, the auditing firm KPMG has won the “OCR’s $9.2 million contract for HITECH-required HIPAA audits in June 2011…”

KPMG is assisting the government to implement the statutory requirement to audit covered entity and business associate compliance with the HIPAA privacy and security standards as amended by HITECH.

KPMG will end up auditing 150 entities varying in size by December 31, 2012. HITECH requires “periodic audits” of covered entities and business associates to ensure HIPAA compliance.

Unfortunately, it has come out that KPMG is itself under investigation for a potential breach that may have affected “3,630 patients at Saint Barnabas Medical Center in Livingston NJ, and 956 patients at Newark Beth Israel Medical Center in Newark, NJ…”

Here’s the whole article if you’re interested: http://www.healthleadersmedia.com/page-1/PHY-269480/HIPAA-Auditor-Involved-in-Own-Data-Breach

Not to worry… I’m sure it will all work out for the best. After all, the government is in charge of this!

Until Next Time… Keep Totally Secure,

Mike Krauss
Head Shredding Guy


Document Security When Traveling

Posted on 12 August 2011 by Mike Krauss

If you are traveling back and forth to work with client files in your car, you might want to start taking precautions, especially if you’re working in a Health Care related field.

Imagine this scenario…

You’re just leaving the office after a long day.

But like any good hard working employee, there’s always more work to be done and hard deadlines that need to be met.

So you pack up a few client files and load them into the back seat of your car so you can do a little work at home.

On the way home, you remember that you have to stop by the grocery store to get some milk and cereal so the kids can eat breakfast in the morning.

By the time you eventually get home, and get the groceries into the house, you’re just too tired to consider any more work for the evening and decide that you’ll wake up extra early in the morning to get a few things done before leaving for work.

Now, imagine if at some point in the above sequence your car is stolen or broken into and your briefcase is stolen. If this were to ever happen, you’re going to have to come to grips with some potentially painful consequences.

You are going to have to notify your clients that their documents were stolen and there’s a potential for identity theft. And let me say, you want to be the one that informs the client of this. The last thing you want is for the police or a news agency to find the documents and inform your clients before you do. The best thing to do is to get out in front of the situation and to do the explaining firsthand.

Just to give an example of some of the penalties that can be involved when it comes to medical information and HIPAA (Health Insurance Portability and Accountability Act), here is a listing provided by the American Medical Association (AMA):

| HIPAA Violation | Minimum Penalty | Maximum Penalty |
| --- | --- | --- |
| Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA | $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to reasonable cause and not due to willful neglect | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to willful neglect but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation is due to willful neglect and is not corrected | $50,000 per violation, with an annual maximum of $1.5 million | $50,000 per violation, with an annual maximum of $1.5 million |

See the full article by the AMA here at: http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.page

In a recent health care data breach case brought against health insurer Wellpoint, Inc. by the Attorney General of Indiana, Wellpoint agreed to pay the state $100,000; to provide two years of credit monitoring and identity-theft protection services to consumers affected by the breach; and to provide reimbursement up to $50,000 to any Wellpoint consumer for losses that result from identity theft due to the breach.

Current data breach laws do have teeth and this should certainly raise the awareness of anyone dealing with consumer health data. Taking precautions is mandatory.

Here are some steps you can take in order to protect work documents that are routinely transferred to and from your secure office location:

  1. You will want to have an accurate accounting of what documents were stolen. Only keep a minimal amount of client information you need when transporting documents back-and-forth between your office and home. If multiple employees are routinely taking home client information, you may want to implement a client information checkout procedure at the office. It’s much better to know which clients were affected than having to notify each and every one of your clients.
  2. Don’t assume your vehicle is safe. Keep in mind that you have customers’ information sitting in the car if you decide to make pit-stops on the way to or from the office. When you get home, be sure that you also bring in the documents where there’s a more reasonable expectation that they are safe.
  3. Don’t leave documents lying around at home, in the office, or in the car if at all possible. This information should be protected just as you protect the information in your computer with passwords and behind firewalls. Keep physical documents with sensitive information in secure filing cabinets, or perform routine file shredding with a reputable paper shredding service if they are no longer needed.

It should be clear to everyone who is now dealing with sensitive customer health-related data that the state and federal governments are taking identity theft and data breaches extremely seriously. Taking a few extra moments and steps to protect your customers’ data is not only the right thing to do professionally, but it is also an important policy to implement in order to protect the good name and reputation you’ve taken so long to build.

Until Next Time… Keep Totally Secure!

Your Friend,

Mike Krauss
Head Shredding Guy
Total Secure Shredding


Free X-Ray Recycling

Posted on 01 April 2011 by Mike Krauss

Hey Folks,

I just wanted to do a shameless advertisement on this beautiful San Diego Friday…

Although it’s April 1st (April Fools’ Day), this is not a joke!

Total Secure Shredding has recently introduced

Free X-Ray Recycling

down at our secure shredding facility.

And not only will we professionally and properly dispose of all your old X-Rays in the same effortless and convenient manner as we destroy your paper documents (and Hard Drives), I’m also throwing in a special offer:

For every 5 pounds of X-Rays you bring in, we’ll shred a standard size file box of paper documents while you wait for absolutely FREE!

That’s a $6.95 value…

So not only are you getting rid of those X-Rays, you’re also scoring a Free Box of Shredding.

There’s no limit on the amount of X-Rays you can bring in or Free Boxes of Shredding you can receive.

The only thing I ask is that the X-Rays are separate from any paper documents; this includes any X-Ray sleeves.

Just as a reminder, here’s our Secure Shredding Facility Address and Hours of Operation:

3584 Hancock St
San Diego, CA 92110

Mon – Fri: 8am to 5pm
Sat: 10am to 1pm

All X-Rays are securely shipped to a recycling facility where they are melted down and completely destroyed in full accordance with HIPAA requirements.

The recycling process is greatly enhanced if the X-Rays are not shredded before recycling.

We can shred the X-Rays if necessary prior to recycling. I have found that the X-Rays themselves generally contain very little personal information, but I’ll leave that up to you. The process is HIPAA compliant either way.

If you have any questions, please feel free to give me a call: (619) 295-5474

So until next time…

Keep Totally Secure,

Mike
Head Shredding Guy
Total Secure Shredding, Inc.

P.S. I reserve the right to cancel this promotion at any time so please do not delay.

P.P.S. If you have a whole lot of X-Rays to get rid of, please give me a call and perhaps I can work out a real sweet deal where we come out and pick everything up for you. If you have a lot of X-Rays, I’m willing to deal!
