in HIPAA Headlines by John Brewer

Often, when I tell my children what I want them to do, I get the blank stare and head nod.

More recently, any time I speak to my children I require the following:

  1. Pause your video game.
  2. Look me in the eye.

Don’t act like my children on this subject.

First, another report of stolen laptops:

Five laptops containing tens of thousands of medical records were stolen
from Fullerton, Calif.-based St. Jude Heritage Medical Group.

This incident has more than 20,000 victims.

Social Security numbers, dates of birth and, in some cases,
health-related information were all part of the stolen information.

Thieves stole the computers from the St. Jude Heritage Healthcare Clinical Management Services building.

“The data that was stolen originated from private practice physicians,”
St. Jude Heritage Healthcare spokesman Kevin Andrus said in a statement.
“St. Jude Heritage Healthcare is an administrative foundation that contracts
with physicians, so that’s why the data was there.”

The hospital’s response? Letters have been sent to affected individuals,
who have been offered a one-year subscription for credit monitoring and restoration services.

Source: KABC-TV Los Angeles

Hmm, OK.

Repeat after me:

  • There is NO reason to store PHI on a laptop in our office
  • There is NO reason to store PHI on a thumb drive in our office
  • We have an office mobile device policy that states we will not store data on a laptop, thumb drive or similar device.

Alright, now you know.

Oh wait, you claim you have a legitimate reason to store PHI on a laptop?


OK, if you absolutely must store PHI on a mobile device, here is how you should do it:

  1. Encrypt the device
    • Not just a sector or partition, encrypt the entire device
  2. Use a strong password
    • No, “password” is not a strong password
  3. Ensure your Computer Encryption Policy is followed exactly.