Take a look at a list of PHI breaches and there are a few items that stand out:
- Many are at the hands of a contractor
- Most are portable storage device losses or theft (this includes tapes, laptops, etc.)
- Lots are at big government entities
One of the goals of HIPAA regulations is to give those who deal with PHI guidance on how to properly handle that PHI.
Specifically, follow the HIPAA regulations and you will greatly reduce the risk of a PHI breach.
The challenge, of course, is that the government can rarely explain anything clearly.
Add to that the fact that we are dealing with digital information – whether you use Windows, Macs, Linux or whatever operating system – managing your risk is challenging.
Let me get back on topic…
If anyone should be able to follow the rules, it would seem like our government could.
Well, they aren’t so good at it.
Here’s the deal: IF you store PHI on any portable device THEN you better encrypt it OR you are setting yourself up for failure.
Hard drive encryption is neither difficult nor expensive.
Additionally, IF you encrypt your PHI THEN you have safe harbor IF it is lost or stolen.
Believe me, you would rather deal with the prevention of a PHI breach than the aftermath of a PHI breach.