For the last month I’ve been working at a system of hospitals here in my hometown. I’ve been having a blast but what I want to talk about is one of the government programs that the health centres have in an ongoing fashion with the government. The relation of that and the title of this post will soon be apparent.
Within a hospital, computers play a hugely important role in keeping track of patients, their information, and helping doctors take care of the patients by providing them the information when they need it. Not only that, it makes for easily legible prescriptions (wink wink). Without these computer systems in place, data would be much less organized and the flow of information would be hindered by physical location. Yes, fax systems already existed, but that’s a whole other myriad of problems in terms of privacy and security. With a computer system in place, infrastructure is bound to age and all machines are bound to fail at some point in time. The average lifespan of a computer is generally agreed to be around 5 years, so anything after that it’s safe to say it could fail (especially the HDD) “at any time.” In a hospital, failure of hardware means lost time and lost information.
If a doctor or nurse can’t access their computer and the apt software that’s required to do things like view X-Rays/MRIs/etc or process the analysis done by a medical peripheral, that means that patients must wait; in some cases, this could be fatal.
If a doctor loses access to critical data like a patient’s file that hasn’t yet been uploaded to a networked storage medium, that could also spell disaster for not only the doctor and the patient, but also the hospital as that could be a liability. The hospital has a duty to make sure that patient data is not leaked or lost. In an effort to prevent such catastrophic loss of data, the hospital system decided to enter in an agreement with the government (of Montreal, or Quebec, I’m not entirely sure) wherein machines get replaced, at no end-cost to the hospital. The hospital system is a public entity and is therefore considered essential operation. Part of that essential operation is the maintenance of digital infrastructure.
There’s a lot of computers in any given hospital. There’s practically a computer in every single room. This means a lot of hardware and a lot of time. The government agrees to replace laptops and desktop computers that are 5 years or older, provided that the old machines are no longer part of the hospital’s network. The government keeps track of how many machines are installed on the network and their identifying information.
The details of the agreement are as follows: The hospital agrees to purchase hardware to replace aging machines. The government agrees to refund the cost of the hardware, plus the cost of the work required to replace the machine. At the end of the year, once all the machines that were replaced are tallied up, the cost of the machines and work are calculated and that’s the money that goes towards replacing machines the following year.
It’s a perpetual grind because not all the machines can be replaced within a small period of time. It’s year-round, year after year, so even though at some point all the machines will be less than 5 years old, the machines that were replaced first, will eventually be 5 years old again and the cycle will continue. This, however, is not the whole story. There’s a bit more process to reveal in the replacement of PCs. There’s data that still persists on the machines being replaced and that data needs to be available to the users of a given machine. That means backing up data.
We bring the old PC up to our office and then create an “intelligent” image of the machine’s main partition (intelligent meaning that we only write to the resulting image file the used portion of the partition). Once the backup is taken and tested for integrity, the data is restored to the new machine in a specific directory that the help desk is aware of. If the user needs to access data that was on the old machine, they call help desk and those individuals get their data for the caller.
Once a machine is backed up, the hard drive must be wiped clean, making sure to erase every trace of data that existed beforehand. This is a hospital after all, sensitive data could have resided on the storage drive at some point. This means that a regular format won’t suffice and we have to go low-level. During our wipe, the drive is overwritten several times with random data, and then zeroed-out at the end. Because of this wiping, backups are kept for about a month to make sure that no critical information is erased.
My blog is self-hosted on a VPS running Ubuntu nested in Digital Ocean’s VPS service. If you want to get a VPS from Digital Ocean, I’d like to ask you to graciously use this referral link: https://m.do.co/c/fa082b6466bf. You’ll get $10 in free credit (2 months worth of the lowest tier VPS) and once you’ve spent $25 of your own money, I’ll receive $25 myself, meaning that you’ll be indirectly supporting my blog.