Posts Tagged ‘Encryption’

Best practices for mobile device data encryption at HIPAA covered entitites

Patient data was copied for 2,900 patients to an employee's thumb drive at BIDMC. The employee left that organization and went to a new one (UCSF). The employee loaded that data onto a laptop at the new organization to demonstrate quality improvement reporting. That laptop was stolen. Both organizations have potential HIPAA violations to worry about based on this person's actions. Some best practices:

1. Policies should require that all mobile storage devices be secured
2. Encrypt all mobile devices including laptops
3. Educate employees on how to protect privacy
4. Sanction employees who violate policies
5. Implement technologies that find transfers of medical data (especially in an unencrypted form). This should include both transfers across the network and via physical devices such as USB thumb drives, iPods, etc.

Read more...

Secure Medical Data Transport – Standards Smorgasbord

Great blog entry on secure transport of medical data by Dr. Halamka. Different standards used include:

Read more...

Health Net : 1.5 million records

Security breach may have affected 1.5 million patient records

• California based Health Net
• Lost an external hard drive six months ago that was not encrypted
• Patient records from multiple states include New York, Connecticut, Arizona and New Jersey.
• Attorney General is investigating, including the time it took to report the incident
• Free credit monitoring for two years will be offered to those effected

Full article: Health Net healthcare data breach affects1.5 million