Flash Drive Versus Paper

“Here’s my records.”

I hear that a lot, usually in the context of a patient handing me a flash drive or (less commonly) trying to plug it into my computer. (I have the USB ports turned toward me to keep that from happening.)

Uh, no.

I love flash drives. They definitely make data transfer easy, compared with the CDs, ZIPs, JAZZ, floppies, paper, and punch cards of past years (I should also, as a childhood TRS-80 user, include cassette tapes).

At this point an encrypted flash drive is pretty much the entire briefcase I carry back and forth to work each day.

But there is no patient I trust enough to plug in one they handed me.

I’m sure most, if not all, are well meaning. But look at how many large corporations have been damaged by someone slipping in a flash drive with a malicious program somewhere in their network. Once in, it’s almost impossible to get out, and can spread quickly.

Even if the patient is benign, I have no idea who formatted the gadget, or put the records on. It could be a relative, or friend, with other motives. It could even be a random flash drive and they don’t even know what else is on it.

My desktop is my chart system. I have to protect the data of all my patients, so I exercise caution about what emails I open and what I plug into it. Even the person offering me the flash drive wants the info guarded.

So I don’t, as a rule, plug in anything a patient hands me. All it takes is one malicious file to compromise it all. Yeah, I pay for software to watch for that sort of thing, but you still can’t be too careful.

This is where paper still shines. It’s readable and it’s transportable (at least for small things like an MRI report and lab results). I can scan it into a PDF without risking any damage to my computer. And it definitely shouldn’t be plugged into a USB drive unless you’re trying to start a fire.

Of course, paper isn’t secure, either. If you have it piled up everywhere it’s pretty easy for an unsupervised person to walk off with it. That actually happened to a doctor I shared space with 20 years ago, albeit unintentionally. A patient had brought in a bunch of his records in a folder and set them down on the counter. When he left he grabbed another patient’s chart by mistake and didn’t realize it until the next day. Fortunately he returned them promptly, and there were no issues. But it had the potential to be worse.

Today my charts on roughly 20,000 patients can all fit on a gadget the size of my thumb instead of a multi-room shelving system and storage closet. That’s pretty cool, actually. But it also opens other vulnerabilities.

It ticks some patients off that I won’t plug in their flash drives, but I don’t care. Most of them understand when I explain it, because it’s to protect them, too.

The odds are that they don’t mean any harm, but I can’t take that chance.

Dr. Block has a solo neurology practice in Scottsdale, Arizona.

“Here’s my records.”

I hear that a lot, usually in the context of a patient handing me a flash drive or (less commonly) trying to plug it into my computer. (I have the USB ports turned toward me to keep that from happening.)

Uh, no.

I love flash drives. They definitely make data transfer easy, compared with the CDs, ZIPs, JAZZ, floppies, paper, and punch cards of past years (I should also, as a childhood TRS-80 user, include cassette tapes).

At this point an encrypted flash drive is pretty much the entire briefcase I carry back and forth to work each day.

But there is no patient I trust enough to plug in one they handed me.

I’m sure most, if not all, are well meaning. But look at how many large corporations have been damaged by someone slipping in a flash drive with a malicious program somewhere in their network. Once in, it’s almost impossible to get out, and can spread quickly.

Even if the patient is benign, I have no idea who formatted the gadget, or put the records on. It could be a relative, or friend, with other motives. It could even be a random flash drive and they don’t even know what else is on it.

My desktop is my chart system. I have to protect the data of all my patients, so I exercise caution about what emails I open and what I plug into it. Even the person offering me the flash drive wants the info guarded.

So I don’t, as a rule, plug in anything a patient hands me. All it takes is one malicious file to compromise it all. Yeah, I pay for software to watch for that sort of thing, but you still can’t be too careful.

This is where paper still shines. It’s readable and it’s transportable (at least for small things like an MRI report and lab results). I can scan it into a PDF without risking any damage to my computer. And it definitely shouldn’t be plugged into a USB drive unless you’re trying to start a fire.

Of course, paper isn’t secure, either. If you have it piled up everywhere it’s pretty easy for an unsupervised person to walk off with it. That actually happened to a doctor I shared space with 20 years ago, albeit unintentionally. A patient had brought in a bunch of his records in a folder and set them down on the counter. When he left he grabbed another patient’s chart by mistake and didn’t realize it until the next day. Fortunately he returned them promptly, and there were no issues. But it had the potential to be worse.

Today my charts on roughly 20,000 patients can all fit on a gadget the size of my thumb instead of a multi-room shelving system and storage closet. That’s pretty cool, actually. But it also opens other vulnerabilities.

It ticks some patients off that I won’t plug in their flash drives, but I don’t care. Most of them understand when I explain it, because it’s to protect them, too.

The odds are that they don’t mean any harm, but I can’t take that chance.

Dr. Block has a solo neurology practice in Scottsdale, Arizona.

“Here’s my records.”

I hear that a lot, usually in the context of a patient handing me a flash drive or (less commonly) trying to plug it into my computer. (I have the USB ports turned toward me to keep that from happening.)

Uh, no.

I love flash drives. They definitely make data transfer easy, compared with the CDs, ZIPs, JAZZ, floppies, paper, and punch cards of past years (I should also, as a childhood TRS-80 user, include cassette tapes).

At this point an encrypted flash drive is pretty much the entire briefcase I carry back and forth to work each day.

But there is no patient I trust enough to plug in one they handed me.

I’m sure most, if not all, are well meaning. But look at how many large corporations have been damaged by someone slipping in a flash drive with a malicious program somewhere in their network. Once in, it’s almost impossible to get out, and can spread quickly.

Even if the patient is benign, I have no idea who formatted the gadget, or put the records on. It could be a relative, or friend, with other motives. It could even be a random flash drive and they don’t even know what else is on it.

My desktop is my chart system. I have to protect the data of all my patients, so I exercise caution about what emails I open and what I plug into it. Even the person offering me the flash drive wants the info guarded.

So I don’t, as a rule, plug in anything a patient hands me. All it takes is one malicious file to compromise it all. Yeah, I pay for software to watch for that sort of thing, but you still can’t be too careful.

This is where paper still shines. It’s readable and it’s transportable (at least for small things like an MRI report and lab results). I can scan it into a PDF without risking any damage to my computer. And it definitely shouldn’t be plugged into a USB drive unless you’re trying to start a fire.

Of course, paper isn’t secure, either. If you have it piled up everywhere it’s pretty easy for an unsupervised person to walk off with it. That actually happened to a doctor I shared space with 20 years ago, albeit unintentionally. A patient had brought in a bunch of his records in a folder and set them down on the counter. When he left he grabbed another patient’s chart by mistake and didn’t realize it until the next day. Fortunately he returned them promptly, and there were no issues. But it had the potential to be worse.

Today my charts on roughly 20,000 patients can all fit on a gadget the size of my thumb instead of a multi-room shelving system and storage closet. That’s pretty cool, actually. But it also opens other vulnerabilities.

It ticks some patients off that I won’t plug in their flash drives, but I don’t care. Most of them understand when I explain it, because it’s to protect them, too.

The odds are that they don’t mean any harm, but I can’t take that chance.

Dr. Block has a solo neurology practice in Scottsdale, Arizona.