If your laptop is stolen, you are required to report this as a PHI Breach to every patient that might have their data on your laptop.
You can avoid this extremely embarrassing issue by encrypting your laptop.
This gives you Safe Harbor…which is a fancy way of saying, if your laptop is encrypted, you don’t have to report that you had a PHI Breach.
For the record, a mobile device can be:
- A laptop
- A “thumb drive”
- An external hard drive
- A CD or DVD
BUT, if you find it absolutely necessary to store ePHI on a mobile device, then make sure to encrypt that device.
What is Encryption?
Wikipedia tells us:
…encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).
In plain English, encryption scrambles data so it is useless unless you have the correct password.
“How is this different from the Windows or Excel password I use?”
It is quite simple to bypass password protection on an operating system.
In fact, just last month we had a client who needed to get into a laptop that hadn’t been used in a while, and they forgot the password.
All we did was remove the hard drive, attach it to a Linux computer and shazam, we were in.
Excel and Word passwords can be cracked with free software in minutes.
A properly encrypted hard drive would take thousands of years to crack.
What does this do for me?
Safe Harbor is a key term in the world of HIPAA regulations.
It basically means that you’ve done everything you can to reasonably protect ePHI.
If you have a laptop or hard drive stolen that contains ePHI and the hard drive is encrypted, you will have Safe Harbor for that event.
This can potentially save you thousands of dollars in expenses and an untold amount in Public Relations.
- Full encryption of 1 computer, OR
- Full encryption of 1 external device (USB “thumbdrive” or external hard drive; hardware is not included)
- BONUS: Now includes a HIPAA Computer Encryption Policy