AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.


Small Healthcare Data Security: Neurologist Files HIPAA/HITECH Breach With HHS

The site phiprivacy.net, dedicated to data breach and information security issues in the medical arena, notes that a neurologist has notified the Department of Health and Human Services of a data breach that affects 2,376 people. Instances like these show the true value of a data security and encryption service like AlertBoot, which combines laptop disk encryption, external disk encryption, and smartphone and tablet security under one roof.

Limited Information

Under the HITECH Act, which updated and bolstered HIPAA, medical covered entities are required to notify the Department of Health and Human Services (HHS) within 60 calendar days of the breach's discovery if it involves protected health information (PHI; essentially, patient data) and affects more than 500 people.

The neurologist introduced above complied with the law.  If you visit the HHS's "Wall of Shame," you'll see the following details:

  • Covered entity: Alexander J. Tikhtman, M.D.
  • State: Kentucky
  • Individuals affected: 2,376
  • Date of breach: August 15, 2012
  • Type of breach: Loss
  • Location of breached info: Other portable electronic device

That last entry tends to refer to something other than laptops. It could be an external USB hard drive, a flash drive, CDs and DVDs (although these are sometimes marked as such), backup tapes (also sometimes marked as such), or even smartphones and tablets. In their defense, the "Wall of Shame" has only been around since 2009, when smartphones and tablets were not really considered a category (the iPhone debuted in June 2007 and tablets were essentially non-existent as a category until the birth of the iPad in 2010).

The details above are what the HHS decides to publish.  The actual report submitted to the department probably contains even more details.

Technology to the Rescue

The above case is a prime example of how one person's decision not to secure data can affect an inordinate number of people.

Had the doctor used encryption software to secure his patient files, not only would the data be protected, but under HIPAA/HITECH rules, the loss of such information would not constitute a data breach. Ergo, public notice is not necessary. It's win-win.

So, how to go about this?  Some general rules of thumb when it comes to digital data:

  1. Use disk encryption on laptops, desktops, and external hard drives. The three types of computer devices I mentioned store information on disk drives ("duh" when it comes to the last one). Full disk encryption ensures that the disk drives are protected from people who don't know the password.

    The process is relatively easy if you know what you're doing. If not, a service like AlertBoot not only ensures that your computer is protected, but also takes care of issues like resetting passwords and backing up encryption keys.

  2. Do the same for other digital devices like smartphones and tablets.  Most smartphones and tablets come with disk encryption, either already turned on (but requiring that a password be set up) or ready to be installed (just press "go," as it were).

  3. Perform regular audits and checks.  Just to make sure things are as they should be.  If not, it's probably not a big deal (due to the use of encryption) but it gives you an opportunity to shore up any mistakes.

There is much more that you could do (and if you're a HIPAA-covered entity, that you must do).  However, starting with the above will ensure that you cut your medical breach risks in half (since the loss or theft of unencrypted laptops, desktops, and other portable digital data storage devices accounts for well over half of all data breaches listed at the HHS's site).


Related Articles and Sites:
http://www.phiprivacy.net/?p=10635
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.