in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Drive Encryption Software: Our Lady Of The Lake Medical Center Laptop Loss Affects 17,000

Our Lady of the Lake Medical Center is notifying former ICU patients that a laptop with "limited health information" is missing.  It appears that the device was not protected with the likes of medical computer drive encryption like AlertBoot.

Part of Patient Outcomes Project

Sometime between March 16, 2012 and March 20, 2012, a laptop computer went missing from a physician's office.  An extensive search turned up nothing.

The laptop computer stored names, age, dates of admission and discharge from the ICU, and the results of the treatment for 17,130 people who visited the Intensive Care Unit between 2000 and 2008.  This information was collected as part of a "quality and patient outcomes" project.

As such, financial information was not part of this data set, and neither were SSNs, addresses, or dates of birth.

This is a HIPAA Security Violation

Or is it?  Whenever medical that isn't protected with encryption software data goes missing, my knee-jerk reaction is to say that it's a HIPAA violation.  HIPAA states that medical data needs to be protected from unauthorized access, and, in the above case, it's quite apparent that this requirement is not being met.

But, HIPAA doesn't require the use of encryption.  Indeed, it only requires that adequate security be in place to protect data.  If the Our Lady of the Lake laptop was placed in a locked environment and never taken outside this perimeter, it could be considered adequate protection.

"Could," because there is a degree of uncertainty there: after an investigation, it might be concluded that it was, in fact, not adequate protection.  On the other hand, had this same laptop also been protected with hospital laptop encryption software and never taken outside its security perimeter, you can bet that it's not a HIPAA violation.  Take it outside of the security perimeter, and it's still not a HIPAA violation: encryption ensures patient data security.

Thus, encryption is just about the only reason why the loss of a laptop full of medical data can go unreported to the authorities and the public in general.  It's agreed that such safe harbor is reflected in the HITECH Act's Breach Notification Rule -- the HHS, charged with upholding and implementing HIPAA and HITECH has admitted as much.

The security afforded by encryption is infinitely better than whatever physical protections one could procure, and yet instances like Our Lady of the Lake crop up week after week.


Related Articles and Sites:
http://www.phiprivacy.net/?p=9440
http://www.ololrmc.com/body.cfm?id=778&action=detail&ref=1915

 
<Previous Next>

Data Security: How Toy Story 2 Almost Didn't Make It

Information Protection: Central London Community Healthcare NHS Trust Fined £90K, Fights Back

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.