Using computers and mobile devices largely concerns storing, retrieving and transferring information more efficiently. Two basic ways to store and access information is via print (like a newspaper, book, or a patient’s written chart or x-ray film) or electronically (reading that same newspaper or book on the Web or a Kindle, storing the chart or x-ray as a file on your office’s computer network, etc.). These are sometimes referred to as static media or digital/electronic media, respectively. Unlike static media, digital/electronic media requires power to access and read, though it’s also easier to search, store and transfer and, of course, it’s always possible to print an electronic record to generate a paper copy.
With dental offices increasingly keeping patient information as electronic dental records (EDRs) – rather than using file cabinets stuffed to the gills with paper – this begs the question: how is electronic data actually stored? At its most basic level, all electronic data is reduced to seemingly endless lines of 1s and 0s called binary code. Each individual 1 or 0 is referred to as a “bit.” The smallest number of bits that can be read electronically is eight (i.e., 01001010). This is referred to as a “byte” and each one holds only a tiny amount of information. It varies a bit depending on the program using it, though a byte might hold a number, a letter, or perhaps a small word or two. Naturally, bytes are grouped together for data storage and various computer programs. About a thousand (it’s actually 1,024) bytes is called a kilobyte. About a thousand kilobytes is called a megabyte and about a thousand megabytes is referred to as a gigabyte. In case you’re curious:
A kilobyte = 1,024 bytes
A megabyte = 1,048,576 bytes
A gigabyte = 1,073,741,824 bytes
The amount of files a gigabyte of storage can hold will vary a bit, depending on the type of file being stored and perhaps its video, audio or print quality, but a conservative figure sometimes given is that a gigabyte of storage can hold approximately 75,000 pages of text. That means a computer with a 200-gigabyte storage capacity – relatively small by today’s standards – can contain about 15 million pages of data.
This data can be stored in three basic ways:
Magnetic storage is commonly used on the hard disc drives found on most computers. Information is stored using positive and negative magnetic charges to correspond with the 1s and 0s noted above. Optical discs like CDs and DVDs store information as binary code that can be read by an optical sensor in a disc drive. Likewise, flash/SSD technology – commonly found in smartphones, USB drives and some laptops – stores that same information electronically. Each system has different characteristics, but they can all communicate with each other since they all store the underlying information they hold as binary code. As a result, electronic information can be transferred easily between computers, smartphones, tablets, USB (aka “thumb” or “stick”) drives and other electronic devices. Of course, without appropriate safeguards in place, this easy data transferability can also lead to data theft…
One way to protect data is to encrypt it. Encryption is the use of an algorithm to scramble normal data into an indecipherable mishmash of letters, numbers and symbols (referred to as “ciphertext”). An encryption key (essentially a long string of characters) is used to scramble the text, pictures, videos, etc. into the ciphertext. Depending on how the encryption is set up, either the same key (symmetrical encryption) or a different key (asymmetrical encryption) is used to decrypt the data back into its original state (called “plaintext”). Under HIPAA, encrypted data is considered “secured.”8 As a practical matter, this means a theft of encrypted data does not have to be reported as a data breach (unless the corresponding key is stolen, as well).
The laptop and desktop computers in your office will generally be connected to each other as part of your office’s computer network. Although a network can be designed a number of different ways, a typical configuration could be what is referred to as a “client-server model.” In that sort of set-up, more powerful computers called servers perform centralized functions for your office (email, data storage, etc.), and the individual desktop and laptop computers connected to the network – referred to as “clients” – access the information or functions they need through the servers. That way, for example, every single computer in your office doesn’t have to store every last bit of patient data if there’s a database server with that information that can be accessed as needed from the other computers in the network. Your office network should include all of the computers and devices intended to have access to your office’s data. Each individual computer and device connected to the network is referred to as an “endpoint.”
The device that connects your office (or home) computer network to the Internet is called a router. The Internet itself is effectively the world’s largest computer network. Its vast, decentralized structure allows for the transfer of data across the globe. The World Wide Web is part of the Internet (they’re not actually the same thing) that acts as a virtual network of websites connected via hyperlinks (or simply “links”). Although we see them as names like www.dentalcare.com, websites have corresponding numerical addresses on the Internet. These are called Internet Protocol – or IP – addresses. It’s somewhat like a street address referring to the same thing as the building at that address in the way that “1600 Pennsylvania Ave.” refers to the same place as “The White House.” In case you’re curious, dentalcare.com’s IP address is 220.127.116.11.
Another thing to consider before we look at specific threats to computers, mobile devices, etc. is the effect of deleting data. That’s because hitting “delete” doesn’t do what you might think it does. Simply put, the data you try to delete is often still on your computers and can be stolen.
Data itself can be divided into three different types:
To understand what happens when a file is deleted, it helps to know a little bit about what happens when a file is created. When a file is first created, it exists as one of the temporary files mentioned above. Once it is saved, an entry corresponding to the file is made in the computer’s “Master File Table.” A Master File Table (or “File Allocation Table” on an older machine) is essentially a computer’s table of contents, allowing the files listed in it to be readily found as active data. When a file is deleted, what is actually removed is the entry in the Master File Table. The actual file isn’t deleted. The computer just puts a little marker next to it to let it know that it can use that space if needed. As a result, even though you can no longer see it, this type of data stays on a computer until it is actually overwritten (i.e., new data is stored in the same place on the drive where the data was residing).
A good analogy to the actual effect of deleting a file might be tearing off the index and table of contents from a large book, but leaving all of the pages intact. It may not quite be as easily accessible, but the information is still there. If a hacker gets a hold of a computer with this sort of information, he or she will most likely be able to reconstruct it. Needless to say, we will discuss proper disposal of data later in this course.