Password vs. Encryption

in HIPAA Headlines by John Brewer Leave a comment

There is a common (wrong) belief out there that when something is password protected, it is therefore encrypted. This is totally wrong. The recent “loss” of a laptop by BP that contained the personal data of 13,000 people brought this misconception back to light. Briefly: this lost BP laptop was password protected, but not encrypted.  Read More

Official Use Only?

in HIPAA Headlines by John Brewer Leave a comment

Does your office assign a business email to all of your employees? If so, what is your office policy on the use of that email? Sure, you might tell them it is for “official use only”…but what does that mean? And…if you “told” them this vs. having it in a written policy…does it even matter? Read More

The Press Doesn’t Get it

in HIPAA Headlines by John Brewer Leave a comment

In all, ok most, articles I read about data breaches, there seems to be this standard phrase: “there was no financial, bank, credit card or health insurance information…” HIPAA is not about financial info or bank info or credit card numbers. It is about personal, private health information being viewed by unauthorized people. Yes, it is Read More

300,000 Data Breach

in HIPAA Headlines by John Brewer Leave a comment

Wow, 300,000 people who are “clients” of the world’s largest stem cell bank, Cord Blood Registry, have received notification letters that their data may have been breached. Double Wow – the issue at hand: storage tapes and a laptop were stolen from an employee’s car. Triple Wow – the tapes nor the laptop were encrypted. Read More

Zero Tolerance Sanction Policy

in HIPAA Headlines by John Brewer Leave a comment

The Henry Ford Health System in Detroit lost a flash drive back in January that contained almost 3,000 patients’ information. This flash drive was not encrypted. Problem #1: Why was PHI stored on a flash drive? Problem #2: Why wasn’t the flash drive encrypted?  We don’t like the use of portable storage devices (flash drives) Read More