Best practices for mobile device data encryption at HIPAA covered entities
Data for 2,900 patients was copied to an employee's thumb drive at BIDMC. The employee then left that organization for a new one (UCSF) and loaded the data onto a laptop there to demonstrate quality improvement reporting. That laptop was stolen. Because of this one person's actions, both organizations now have potential HIPAA violations to worry about. Some best practices:
- Policies should require that all mobile storage devices be secured
- Encrypt all mobile devices including laptops
- Educate employees on how to protect privacy
- Sanction employees who violate policies
- Implement technologies that detect transfers of medical data (especially in unencrypted form). This should cover both transfers across the network and transfers via physical devices such as USB thumb drives, iPods, etc.
Categories: Healthcare Tags: Encryption, HIPAA, Mobile, Stolen laptop, USB lost
1,700 at Pitt County possibly compromised
A USB flash drive used to move patient data between different computer systems is missing.
Categories: Healthcare, Uncategorized Tags: Credit Monitoring, North Carolina, USB lost
