MedicalDirector is committed to ethical and appropriate practices to maintain the expectations of the community and the requirements of the law for the security, privacy and integrity of personal health information. As part of that commitment, we are providing the following guide to assist in the understanding and possible steps that potentially protect patient privacy when moving Medical Director Software backups or other sensitive data to removable media which has the potential to get lost or stolen.
Introduction
When considering moving sensitive patient information onto removable media such as a USB, thumb or flash drive, external hard drive, or CD/DVD, critical steps need to be taken to ensure your patient’s sensitive information is best protected in the event the data is lost or stolen.
Before we take you through the steps of preparing MedicalDirector Software backups or other sensitive data for transferring to removable media, we strongly recommend you get familiar with the Australian Privacy Principles (APPs) and your responsibilities. Under the Privacy Act 1988 (Privacy Act), the Australian Information Commissioner may issue guidelines regarding acts or practices that may have an impact on the privacy of individuals.
See https://www.oaic.gov.au/ for the latest APPs that impact on the privacy of individuals and your responsibilities.
Process Overview
The following steps will take you through how to prepare your sensitive data prior to moving to removable media.
In short, the main tasks are;
1. The files are zipped (archived) into a single file.
2. The zip file is encrypted with AES-256 encryption algorithm.
3. The encryption key (password) is applied and meets the definition of a strong password.
How to Zip and Encrypt Sensitive Data
The free 7-Zip program is used in this guide to archive and encrypt MedicalDirector Software backups or other sensitive files. 7-Zip contains the strong AES-256 encryption algorithm.
1. Download the free 7-Zip archiving and encryption tool from http://www.7-zip.org/.
2. Install 7-Zip on your workstation or server.
3. Open the 7-Zip program.
4. Locate, select and highlight the folders and/or files you wish to zip and encrypt.
5. Click the Add icon 
The Add to Archive window appears.
6. Give the archive file an appropriate name.
7. Tick the Encrypt File Names check box.
8. Create a strong password. A strong password has a combination of;
o At least 15 characters
o Uppercase letters
o Lowercase letters
o Numbers
o Symbols
Strong password example: !{q).bST[N'rv9J
TIP: There are many free websites that will generate a random strong password for you. Please google ‘strong password generator’ or ‘password generator’ to find websites that will help you generate the strong password you require.
9. Enter your strong password into the Enter password field.
10. Reenter the strong password into the Reenter password field.
11. Click 
12. Browse to the location of the folder and/or files you wanted to archive and encrypt.
13. Locate the archived (zipped) and encrypted 7-Zip file with the filename you provided in Step 6.
You may now move this archived (zipped) and encrypted file (MDBackup03Mar16.7z) to removable media.
How to Unencrypt your Data
The following takes you through the steps to unencrypt a file that was encrypted with the 7-Zip program.
1. Ensure the 7-Zip program is installed on the computer that you want to unencrypt the file on. If not, follow steps 1-2 in the section How to Zip and Encrypt Sensitive Data to install the 7-Zip program.
2. 2. Once 7-Zip is installed on the computer, right click on the encrypted zip file, select 7-Zip > Open archive.
3. The Enter Password window appears.
Enter the password associated to the encrypted file. The file will now be unencrypted and the contents accessible.
