If you could help your organization prevent a data breach and not get posted on The Wall of Shame, why wouldn’t you do it? Approximately one half of all the breaches reported to Health and Human Services (HHS) on their “Wall of Shame” involve the theft of a mobile device. In addition, about 60 percent of all breaches could have been prevented by encryption.
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) was enacted in 2009. While this act does not require encryption of Protected Health Information (PHI), it does explicitly exempt encrypted PHI. Lost or stolen devices that contain encrypted PHI are not breaches and do not have to be reported to HHS or to patients.
Many of the stolen devices are notebook computers, tablets and cell phones. While your organization may have strict policies about storing PHI on these devices, the fact of the matter is you can’t really prevent it. Therefore, you are at risk of a breach. You may have an electronic medical records system that is completely hosted in the cloud. Have you thought about what happens when your billing department runs a monthly accounts receivable report or a clinic staff member runs a report of all patients with diabetes? Where is that report saved? Think about what happens when your physician opens up a radiology report through an internet browser. Internet browsers cache data to help make them faster. Where is that image or data cached?
If you are using notebook computers that are Windows 8 Professional or higher, guess what? You already have an encryption program installed! You just have to turn it on! In addition, many if not all tablets and cell phones can be encrypted with software already present on the devices.
It seems like a no-brainer. Encrypt all of your organization’s hard drives on computers and mobile devices and reduce your security risk by as much as 60 percent!