AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

Laptop Encryption Software: Senator Franken Wants It To Protect Medical Data

Minnesota Senator Al Franken (an SNL alum) is considering legislation, at the state or federal level, that would require the encryption of laptops containing private medical information. In other words, a solution like full disk encryption from AlertBoot.

Consequence from Accretive Health Data Breach

Various sources, including washingtonexaminer.com, are reporting that Sen. Franken has expressed his interest in pursuing "legislation or federal regulations requiring encryption of all laptops containing private medical information" after he questioned executives from Accretive Health and Fairview Health Services.

I've pointed out many times in the past that current legislation does not mandate the use of encryption software when it comes to securing sensitive medical data.  Even HIPAA, as amended by HITECH, only strongly recommends its use.

In reality, HIPAA / HITECH mandates the use of encryption but in name only.  You'd think this would prompt everyone to use encryption, but no; when you give some wiggle room, you always get people who try to get through it.  Which is why the Department of Health and Human Services -- charged with enforcing HIPAA -- should just come out and make it mandatory.  I mean, why are they not taking the ultimate logical step?

Well, honestly, I can see how cost would be an issue, especially for the smaller organizations and private practitioners.  But, then, it's not the Department of Health, Human, and Hospital Finance Services, is it?

Will It Help, Though?

The problem with requiring the use of laptop encryption on all portable computers?  It's not a silver bullet:

Sen. Franken asked numerous questions about the stolen laptop and other missing laptops reported by Accretive. All but one laptop was encrypted, Accretive replied, and that was due to the oversight of a single employee in its IT organization who has since been fired. Accretive has put into place new policies and procedures to insure redundancy to make certain all laptops are encrypted. [insidearm.com, my emphasis]

Of course, one has to wonder whether Accretive is telling the truth. After all, honest companies don't get roasted by a Senator and incur the wrath of the state Attorney General. On the other hand, verifying the veracity of the statement wouldn't be hard (at least, not with a solution like AlertBoot where you get real-time laptop encryption status reports), so I can't imagine Accretive being less than forthright on this matter.

On the other other hand, what are the chances that the one laptop that was not encrypted happened to get stolen? (As my stats professor used to say, probably low but not entirely impossible.)

But, that's not the point.  The point is, a mandate that all medical laptops be protected with whole device encryption does not guarantee that data will be protected.  You can have mistakes like the one above or companies that outright ignore the law.

And, yet, it's the only logical step to take. Encryption is a de facto requirement under HIPAA. And, while not the perfect weapon against data loss, the use of encryption does reduce data breaches: it's almost 100% effective when it comes to stolen or missing laptops, which account for over half of all data breaches reported to the HHS that involve more than 500 people.

P.S. - As an aside, does the Washington Examiner think this is a joke?  Why would their article on Sen. Franken's desire for mandatory laptop encryption pop up under "entertainment"?


Related Articles and Sites:
http://minnesota.cbslocal.com/2012/05/30/franken-wants-laptops-with-medical-info-encrypted/
http://washingtonexaminer.com/entertainment/health/2012/05/sen-franken-encrypt-laptops-medical-info/670671
http://www.insidearm.com/daily/debt-collection-news/debt-collection/accretive-responds-to-attorney-general-al-franken/

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.