in HIPAA Headlines by John Brewer

It is not unusual for me to rant here about the ridiculous level of recklessness the medical community has for our PHI.

Specifically, the easiest thing to point out, as it happens all the time, is the “theft” (or loss) of a portable storage device.

For those keeping score, a portable storage device is anything portable that can store data to include:

[list style=”green-check-8″]

  • Laptops
  • Portable hard drives
  • “Thumb” drives, also known as Pen drives or USB drives


One reason I continually rant about this is the solution is so easy, it is almost laughable.

The solution is to encrypt the hard drive, or memory, of the storage device.  The proper encryption gives you “safe harbor” if the device is stolen (lost).

Safe Harbor is a good thing – it means you don’t have to report the loss of PHI.

NOTE: a password on your device does NOT equal encryption.

Hard drive encryption is a process that can take 5 hours to complete.

Back to the story.

Last month there was an announcement that an employee of Science Applications International Corporation (SAIC) had some computer backup tapes “stolen from his vehicle in San Antonio, Texas.”

SAIC is a government contractor that supports TRICARE, which is the government’s attempt to reduce medical costs in the military.

As I was in the military, actually I’m still in the Reserves, this specific incident peaked my interest.

Well, last week my oldest child received a letter from SAIC that his data may have been stolen.

Yesterday I received that letter.


Over the next few days I’ll document the process I go through, from the letter(s) I receive the processing of my credit monitoring.

Stay tuned for part 2.

0 thoughts on “My PHI Breach Part 1

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *