Don’t store patient records on your personal computer

Pretty irresponsible. Confidential information should be encrypted if more than one person is using the computer. I work for IBM and we are required to have our Notes databases encrypted, to have boot-on passwords and, in case of laptops, to have hard disk passwords as well. And none of our work-related data is as critical as patients’ medical information.

Additionally, simply erasing files when you give the computer away isn’t enough, as erasing files simply erases the names of these files from the directory without destroying actual files. There are programs like DBAN (free) if you want to wipe out the whole disk (including the OS). Every time I have my work computer replaced, it is my responsibility to wipe out my disk. There are tools to wipe out files without wiping the full disk as well: http://www.thefreecountry.com/security/securedelete.shtml. All of these tools are free. Some of these tools actually write 0s over the free space or over the space where specific files used to be.

It seems to me that you guys need to have some education on computer security before you are allowed to use a computer for work. It’ll help you if your have your own financial data there as well