in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

HIPAA Desktop Computer Encryption: Bay Area Pain Medical Associates Has HIPAA Breach

Another incident that shows the importance of using HIPAA encryption software on desktop computers.  In addition, it shows why full disk encryption is preferential to file encryption.

Medical Establishment Break-in

Bay Area Pain Medical Associates, according to phiprivacy.net, has contacted patients that three desktop computers with patient data were stolen in May of this year.  Because HIPAA/HITECH provides safe harbor from the Breach Notification Rule for any PHI (protected health information) that is guarded with encryption software, one can assume that the information was not properly protected.

The assumption in this case would be partially wrong.

According to the notification letter Bay Area Pain Medical Associates is sending out, "all medical records were encrypted and inaccessible, [however] we believe one Excel spreadsheet containing approximately 2,780 patient names" was not.

What we can tell from this admission is that full disk encryption was not used, as this particular encryption technology protects a computer's entire hard drive (the hardware where data is stored for the long term).  Chances are, file encryption was used to protected individual files (or possibly, folder encryption, where a select folder or folders are encrypted, along with anything that is placed inside of it).

File/Folder Encryption vs. Disk Encryption

Does this mean that disk encryption is superior to file encryption or folder encryption?

Not quite.

They have different uses.  If you're looking to protect your files from being stolen wholesale (i.e., a stolen computer triggers a HIPAA breach), then disk encryption is a no-brainer.  However, disk encryption cannot protect a person from instigating other types of HIPAA breaches.  For example, if a file has to be sent via email, disk encryption cannot help – the correct tool would be to use file encryption.

Just like a chef has a number of different knifes that essentially do the same thing (cut stuff), there are different encryption tools that are made for a particular purpose.  The correct approach to data security is to use these as needed.

Related Articles and Sites:
http://www.phiprivacy.net/bay-area-pain-medical-associates-contacts-patients-after-office-burglary/
https://oag.ca.gov/system/files/BayArea_proof_0.pdf
 
<Previous Next>

Medical Laptop Theft: Is It Really The Hardware They're After?

HIPAA Encryption: RI Hospital Settles With MA Attorney General For $150K

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.