06-17-13 | Blog Post
According to HealthDataManagement.com, a laptop that may have operating room information on nearly 13,000 pediatric patients was stolen from a badge-controlled access area of the Lucile Packard Children’s Hospital at Stanford in early May. While the electronic systems were encrypted, the laptop was not encrypted, and only protected with a password.
Keeping electronic protected health information (ePHI) off of devices and in HIPAA compliant data centers is one way to avoid a data breach caused by theft or lost laptops, phones, USB drives, etc. A data center that has the required physical, technical and administrative security intact can meet the requirements of HIPAA to protect health data.
Securing access to networks via VPN (virtual private networks) and the use of two-factor authentication to log into said networks is the second step.
According to FierceHealthIT.com, this isn’t the first data breach for the hospital – in January, another laptop was stolen from an off-campus physician’s car, and three years earlier in a separate incident, another laptop was stolen by an employee containing patient data.
With the amount of laptop incidents the hospital has incurred, one would think finding a way to either keep ePHI or properly encrypt the device or data would be a priority. Establishing an administrative security policy against leaving devices in unsecured locations (i.e., vehicles) could also highlight employee awareness and prevent potential theft.
For more about HIPAA compliant solutions, read our HIPAA Compliant Hosting white paper. Questions to ask your HIPAA hosting provider, data center standards cheat sheet and a diagram of the technical, physical and administrative security components of a HIPAA hosting solution (including HIPAA compliant clouds) are included.
For other HIPAA compliant resources, check out:
What is HIPAA Compliance?
Who Needs to be HIPAA Compliant?
HIPAA Glossary of Terms
HIPAA Resources: Policies, Procedures and Training Materials
HIPAA Compliant Hosting White Paper
Register free online for our upcoming encryption webinars to find out how to protect your organization from data breaches:
Encryption at the Software Level: Linux and Windows
Join us for an informative/technical webinar on encryption at the software level as Mark Stanislav, Security Evangelist at Duo Security discusses encryption for Linux, and Farooq Ahmed, Software Development Manager of Online Tech discusses encryption for Windows.
Encryption at the Hardware and Storage Level
Join Steve Aiello, Systems Support Manager at Online Tech for an informative webinar on encryption at the hardware and storage level.
References:
Lucile Packard Notifies 12,900 Following Laptop Theft
Lucile Packard Suffers Second Data Breach in Six Months