in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

HIPAA Encryption: RI Hospital Settles With MA Attorney General For $150K

Women & Infants Hospital of Rhode Island has settled with the Massachusetts Attorney General's office over a 2012 data breach that ended up affecting more than 12,000 people in Massachusetts.  The hospital has agreed to pay $150,000 – $110,000 in civil penalties, $25,000 for attorney's fees, and $15,000 to a fund – and agreed to prevent future data breaches, according to narragansett.patch.com.  This is the type of risk a HIPAA covered entity is setting themselves up for if they do not use HIPAA compatible encryption to protect their PHI.

Unencrypted Backup Tapes (and More)

In April 2012, Women & Infants Hospital came to the unmistakable conclusion that they were missing backup tapes used to store names, SSNs, ultrasound images, and other data classified as protected health information (PHI) under HIPAA.  The tapes were meant to be sent off-site and then transferred to a "new picture archiving and communications system."  Instead, these went missing.

In addition, the hospital discovered the breach in April 2012 but didn't notify the Massachusetts AG's office until the fall of 2012.  Because HIPAA requires notification no later than 60 calendar days since the discovery of the breach, Women & Infants Hospital ended up breaking another HIPAA rule.

Safe Harbor

It is commonly known that the use of encryption software provides safe harbor from HIPAA requirements like the above, protects PHI, and counts towards state and other federal data protection requirements.

And yet, many covered entities are still delaying the deployment of data protection tools or looking for excuses not to deploy them at all.  Reasons are myriad, ranging from cost to complexity in implementing them.

However, it's becoming clear as time goes by that the costs of not encrypting PHI could be much higher – although delayed to a later date – and that there is more complexity involved when encryption is not employed (inventorying hardware may be simpler than encrypting them, but it's certainly not easier).

Related Articles and Sites:
http://narragansett.patch.com/groups/politics-and-elections/p/ri-hospital-to-pay-mass-150k-after-data-breach

 
<Previous Next>

HIPAA Desktop Computer Encryption: Bay Area Pain Medical Associates Has HIPAA Breach

Why Data Security is Important for Small Companies

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.