“But Our Laptops Never Leave the Office”

in HIPAA Headlines by John Brewer

This is a common response when I ask if a practice has encrypted their laptops.

Horizon BCBS is a glaring example of why this does not matter.

Horizon had some laptops that were just password protected, not encrypted.
NOTE: password protection is simple to break – generally can be done in under 5 minutes, whereas encryption is entirely different.

They felt that since these laptops did not normally leave the office AND they were secured to the work area with a cable lock…
there was no reason to encrypt them.

That thinking has now been proven wrong and Horizon is paying for it in multiple ways.

Remember: the idea here is to reduce risk.

You may have very practical reasons for not encrypting a computer, but encryption is one of the absolutely easiest ways to gain safe harbor if there is an issue.

Something else to be aware of – being on the cloud does not guarantee your computer is clean of PHI. If you are on a cloud version of an EHR, before you assume your computers are “clean”, get a written statement from your EHR vendor that ZERO PHI is on your computer(s).
