But Our Laptops Never Leave the Office

in HIPAA Headlines by John Brewer Leave a comment

This is a common response when I ask if a practice has encrypted their laptops. Horizon BCBS is a glaring example of why this does not matter. Horizon had some laptops that were just password protected, not encrypted. NOTE: password protection is simple to break – generally can be done in under 5 minutes, whereas Read More

Stolen Laptops and the Whole Ball of Wax

in HIPAA Headlines by John Brewer Leave a comment

Most of the time when I read a story on a stolen laptop, it is just the singular topic – Hey genius, if you encrypted your laptop this wouldn’t be an issue. The latest story I’ve come across pulls pieces in from multiple issues that a medical practice needs to consider.  Though the incident revolves Read More

Emory Data Breach, Same Old Excuses

in HIPAA Headlines by John Brewer Leave a comment

Does anyone know the #1 reason for a PHI data breach? That’s right, a lost or stolen storage device that is not encrypted. Follow on question: what is the only Safe Harbor for a lost or stolen storage device? Encryption! So, the worst offender is an un-encrypted storage device, yet one of the easiest things Read More

Sutter Breach Notes

in HIPAA Headlines by John Brewer Leave a comment

As I’ve preached before, if you are going to store PHI on a mobile device (laptop, external hard drive, etc), you better make sure that you encrypt the hard drive. Typically, I am less concerned about desktop PC’s and servers as, you should have proper physical security systems in place. The recent Sutter Medical Foundation Read More

Do as I say, not as I…Oops!

in HIPAA Headlines by John Brewer Leave a comment

Take a look at a list of PHI breaches and there are a few items that stand out: Many are at the hands of a contractor Most are portable storage device losses or theft (this includes tapes, laptops, etc) Lots are at big government entities One of the goals of HIPAA regulations is to give Read More