Securing Healthcare Data with Ubuntu Desktop

People's personal health care data has to be kept confidential. The reality of working in health care IT is that you have to put work on a USB stick or use a laptop. At least Ubuntu makes it easier to do the right thing.

I knew I had to do something about the data on my laptop (Ubuntu 8.10), so I sat down one day to figure out what to do. I knew the tools were there, but where to start? Almost absent-mindedly I right clicked on the folder I needed to encrypt, and saw that there's an "Encrypt..." command right there on the menu. (Note that you have to be pointing at the file or folder in the right pane of the Nautilus file manager.)

"That was easy," I said to myself. I selected the "Encrypt..." command. Since this was the first time, it took me through a number of steps to generate some keys. I just followed the dialogues. On my Lenovo x300 it took several minutes to generate the keys after I got through the dialogues. I was starting to worry if something was wrong, but patience prevailed.

Once the key is generated, I could go back to encrypting my folder. I selected the option to "Encrypt all files together in a package." After it was done, which wasn't long at all, I was left with the original folder, the folder.zip file, and a folder.zip.pgp file. The ".pgp" file is the encrypted one, so I deleted the original folder and the folder.zip file.

Then I had to make sure that the files can't be reconstructed by someone with the right tools and access to my laptop. I opened a terminal window and did this:

dd if=/dev/zero of=junk
rm junk

The first command takes quite a while. It writes zeros to all the free space on my disk. The more free space, the longer it takes. When it fills the disk, it stops. The second command deletes the file, so I have all my free space back. (If you don't know why I did this, read the last paragraph of this article.)

I've heard that there are ways to get data back from disks even if they've been completely re-written. Leave a comment if you know more about the practicality of restoring zeroed hard drives. The above approach certainly foils a relatively determined attempt to get the data back, and should put you in good stead with your privacy people.

Note that this process still isn't one I'd want to do every time I had to access some personal health care data on my laptop. It's a manual process, meaning I might forget to do it or won't have time to do it that one time just before I leave my laptop in the rental car at the airport. It also takes time, especially if you have a lot of free space on your disk.

If you don't know why you have to write zeros on all your free space, here's why: When you delete a file on your computer, you don't actually erase the data. You just mark it as available for re-use. Someone with the right knowledge (and there are many who have this knowledge) can reconstruct old data on your disk. If you write zeros over the free space, you ensure that there's no data for them to reconstruct.

"Architecture" Gets a Time-Out

Anne Thomas Manes published a great post about how the economic downturn means the end of big IT projects being done for some vaguely defined "value". There's a good podcast about it here.

I think the key messages are:

• IT can provide spectacular gains in business value only by transforming the IT department (people, processes and technology), not by changing the interface engine between the same set of disparate applications
• SOA is dead not because the technology is necessarily wrong, but because business aren't going to spend money on projects that don't provide immediate business value
• IT provides value by understanding the business and providing what the business needs. That's not a simple process and is fraught with political minefields within and outside the IT department
  

There's a great bit starting at minute 28:00 where she says, "Go take a look at the SOA success stories and invariably there's a new CIO in place. And it only happens because the CEO recognizes that he needs to fix IT, and he knows his current CIO isn't fixing it."

Backlight with Ubuntu 8.10 and Lenovo X300

A recent kernel upgrade broke the backlight control on my X300 (along with a lot of other laptops, according to what I find with Google). To fix it, I'm running the following every time I log in:

sudo xrandr --output LVDS --set BACKLIGHT_CONTROL legacy

Favicon in Drupal

I'm using Drupal to put together a site for my son's school's Parent Advisory Committee (PAC). I'm impressed at how quickly you can get something up on Drupal. Getting something the way you want it is a little harder, as is always the case with computers.

One stumbling block has been the favicon. First, it appears that the HTML that Drupal generates requires a Windows Icon file type (favicon.ico). I've used favicon.png in other sites, but in Drupal it has to be a .ico file.

Also, the directory where you put the favicon.ico is write protected, and the file manager I was using on my hosted service didn't tell me I was trying to upload a file to a write protected directory. That resulted in another 10 minutes of muttering and fooling around trying to figure out where the file was going.

TikiWiki Modules Don't Appear

I'm using TikiWiki to propose to REACH Community Health Centre an idea about prescribing guidelines. I tried adding the search module. It would appear for the admin user but not for anyone else.

It turns out there is also a permission to allow users or groups to search. The module doesn't display unless you enable search for the users or groups. Judging by the name of some of the other permissions, there may be other modules that also require a permission to be set.