|UHN Palm Newsletter (July 2001) - Up Tight and Outta Sight |
DO YOU CARRY private information around on your Palm? How can you keep it private?
PROTECTION AT A PRICE
LAST MONTH WE DISCUSSED protecting your Palm from mishaps and loss of data from physical damage. Now I'd like to ask you to consider other ways you could lose data or have it compromised. And as we increasingly load patient-related and personal info onto our "peripheral brains", the potential risks from having others access that material rise.
I'm not too proud to admit that I have lost data from all sorts of calamities. Hey, I just write a newsletter, I'm no guru. Apart from having the batteries fall out one fine day, I have accidentally HotSynced to a different user name (really not good), and sometimes overwritten a file or two. Theft and fire are the only major disasters I haven't had yet.
I have almost always been able to come back due to some precautions:
- I HotSync daily
- I HotSync more frequently if I have made important changes
- I HotSync before battery changes
- After I HotSync I back up my desktop computer data files and folders to a ZIP drive. This holds 100Mb and can easily handle all my most important files. If anything happens to the originals on the hard drive, the ZIP backup is available. These days you can install a ZIP drive on your PC for less than C$80 and buy 100Mb disks for about C$20. Because you can also get external ZIP drives and because the format is widely used, my data are portable to another PC if my desktop machine "goes south".
- Important data files and archives for my Palm PDA can be found in a folder with my user name, within the Palm folder on my hard drive. Not only do I back them up onto the ZIP drive, but I also copy them periodically to another folder on my computer whence I can retrieve them if the unthinkable happens to the originals. Of course, my Mom likes to remind me that the unthinkable only happens to the unthinking
- I pay attention when the battery charge monitor on my Palm tells me that it's running low. I also keep a pair of spare AAA cells in my Palm case in case I'm on the road when the juice runs dry. Before HotSyncing a big application (eg. Epocrates' qRx drug prescribing program) I make sure that the batteries have at least 30% charge remaining - big files can take several minutes on my slow serial HotSync cradle.
There are other measures one can take to protect the data on a Palm. One of the niftiest is to exploit the unused system Flash RAM. The Palm operating system doesn't use all of the 2 megabytes and (depending which version of the operating system you use and how much space it leaves over) you can use up to forty percent of it for your own purposes. Files stored here will even survive a hard reset. BackupPro (http://www.handera.com/products/prosoftwr.asp), JackFlash (http://www.brayder.com) FlashBack (http://www.palmblvd.com/software/pc/Flashback-2000-02-05-palm-pc.html) and similar products will let you pop core material into this relatively safe place. You will need FlashPro (www.handera.com) or a similar Flash memory access program to make these backup solutions work.
Even more secure is a physical memory storage device for your Palm. For example, Memory Safe (www.northstarmobile.com) is a small module which plugs into the bottom of your Palm and provides additional storage which is immune to the perils your Palm is heir to. Use it for backup or to expand your PDA's storage space for medical reference texts. Get two of them and keep one somewhere separate from the Palm for even more paranoid protection.
Owners of Handspring Visors (www.handspring.com), Sony Cliés (www.sony.com) , and TRGPros (www.handera.com) know that they have additional storage card slots with more flexibility than all but the newest Palm m500 series devices. They should definitely be taking advantage of this capability to protect their data.
I KEEP MY Palm in a zippered pouch on my belt and I almost never leave it unattended on a flat surface. But if it should be nicked, there isn't much to keep a thief from accessing my files. Fortunately, I don't keep patient records on my PDA, but there is still my phone directory and snapshots of my family. Wouldn't want them to fall into the wrong hands
Palm provides a basic security tool in the form of hidden records and can also password lock the entire handheld computer if you so desire. Read more about it (and find lots of links to other security tools) at the following website: http://www.pdamd.com/vertical/tutorials/palmsecure.xml?ts=2903.
Unfortunately, this only works against casual snoops. If someone HotSyncs your Palm to their PC, all your data files will be backed up onto the new PC, where they can be easily inspected (www.pdamd.com/columns/column-28.xml). The password, as well as locked records can also be attacked on the Palm itself using a variety of strategies. Although Palm claims that the newest version of the operating system will correct this security loophole, it is still too early to be sure (www.atstake.com/research/advisories/2001/a030101-1.txt).
As usual, an army of programmers have taken aim at the problem and many useful solutions exist. Individual files can be encrypted, making them much harder to inspect on the Palm or desktop computer. Cipher is a good choice (http://www.klawitter.de/palm/cipher.html) and it is freeware. MobileSafe (www.handmark.com) is also a popular way to encrypt sensitive information on your Palm, as is Datagator from www.jawzinc.com.
Sign-On 2.0 (Communication Intelligence Corporation, www.cic.com) requires your signature before unlocking your Palm. Better locking tools are available with LockMe! (http://wwwipd.ira.uka.de/~witte/pilot/).
Need more? Look for products like TealLock (www.tealpoint.com), OnlyMe (www.tranzoa.com), PDABomb (www.PDABomb.com). Etc, etc.
In the USA, hospitals are starting to respond to federal directives mandating minimum levels of security for patient data on handhelds. To reduce the risk of litigation, many facilities may bar the use of Palms and require staff to use only "institutional" solutions, likely meaning PalmPCs and Windows. You can learn more about these issues at www.privacysecuritynetwork.com or by joining the discussion of wireless medical devices at the following chat group at Yahoo: WirelessMedicalApplications@yahoogroups.com. A discussion of the current American HIPAA rules and their implications can be found at http://www.zapmed.com/pages/hipaa.htm.
As the author of this last site points out, security is a system-wide issue and no one software or hardware product will address all concerns. Think of how you use patient info on your Palm and how you link to other users and computers in the hospital and on the road. And keep a tight grip on your Palm.
SCREEN CLEANING, PART II
SCREEN PROTECTORS WERE mentioned in last month's article on protecting your Palm from physical harm. Since then nothing has stood still and I have found out about two other resources for you. This site (http://www.pocketpcpassion.com/General/ScreenProtector/ScreenProtector.htm) is dedicated to finding the perfect transparent protective coating for your screen. If you fail despite everything, you can try to fill in the scratch with Screen Clean which is available from the following weblink: (http://www.gethightech.com/).
Medical "Doc" of the Month
Taber's Medical Dictionary is now available for Palm devices. This isn't the first thing I'd use to fill the memory on my PDA but medical students might find it useful. On sale at http://www.pdamd.com/features/tabers.xml?ts=606.
Hack of the Month
FOR SOMETHING SMALLER than Taber's, have a look at these two text files on ECG interpretation (Abnormal ECG and EKGref). They aren't fancy but they give you an idea of what can be done to provide small, focussed reference texts for the Palm. You can find heaps of these on many sites (see recent issues for some suggestions). Check the contents for relevance and accuracy and load them on your pocket computer.
A pediatric residency program in Arizona has been handing out Visor handheld computers to housestaff. Find out why and whether it has been useful at http://educ.ahsl.arizona.edu/pda/hlth.htm.
ePhysician (www.ephysician.com) is a commercial concern provides billing, reference tools, online prescribing and patient management tools on a Palm Vx to clients - doctors and clinics. This is one step beyond your typical OHIP billing software vendor.
IN TIMES GONE BY
Anton Tyukodi died in a helicopter crash recently. Anton was one of the first paramedics I had the pleasure to meet and work with when I came to Toronto more than ten years ago. He was fiercely professional and proud of his ability to bring advanced medical techniques into the field, often doing more in the field than a certain greenhorn ER doctor could do inside the hospital. Anton also flew aircraft and worked as a stuntman. His sense of humour was easily worse than mine and I mean that sincerely. Who else would try to get around at an air show in an ultralight glider with a fan strapped to his back for propulsion? Who else could make such a thing fly?
I didn't get to see him much lately, as he was working in a different zone than my hospital, but it still came as a blow to learn that someone so enthusiastic and vital was gone. Sometimes you come right up against the fact that life sucks.
So what has that got to do with Palm PDAs? Nothing really, except that I have learned that Palm PDA screens are hard to see outdoors. Drop what your're doing, go outside right now, and turn on your PDA. See what I mean? Then put the Palm away again, take a deep breath, and enjoy your summer.
I'll be back next month with another issue. Just don't ask me right now what I am going to write about.
THIS IS ONE of a continuing series of newsletters on Palm handheld computers, prepared for doctors, nurses, IT professionals. The author is a career emergency medicine specialist and inveterate computer nerd. Somehow my family put up with it all. The author is not reimbursed for this work nor do I accept paid placements or advertisements.
Feel free to pass copies around electronically or on paper. To subscribe, unsubscribe, present burnt offerings, obtain back issues, change your email address or complain about the weather, contact the author at: