TIP: Require encryption on all laptop computers
HIPAA Weekly Advisor, July 12, 2010
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Editor’s note: This is the fifth in a series of tips in HIPAA Weekly Advisor on laptop security. The excerpts are courtesy of the HCPro, Inc. newsletter, Briefings on HIPAA.
Encryption technology is now available, mature, and proven, says Phyllis A. Patrick, MBA, FACHE, CHC, cofounder and managing director of AP Health Care Compliance Group, which has offices in Pittsburgh and Purchase, NY. “Encryption has progressed considerably since the HIPAA Security Rule became effective in 2005.”
You should encrypt all laptop computers, Patrick says. Modern laptop computers are capable of whole-disk encryption without hindering performance.
Healthcare organizations should purchase laptop computers with hardware-based encryption technology to ensure that data on lost or stolen equipment are secure, says Daniel F. Gottlieb, Esq., a partner at McDermott Will & Emery, LLP, in Chicago. Passwords, even robust passwords, are not adequate protection because hackers and thieves often can crack them.
Gottlieb also recommends configuring laptop and desktop computers to either shut down automatically or enter a password-protected screensaver mode after 15 or 30 minutes of inactivity.
Primary concerns about encryption pertain to management decisions. Management need to decide what to encrypt, how to recover passwords to unlock encrypted data when users lose their passwords or leave the organization, and whether to make passwords available to unattended backup and client management software.
Don’t require additional passwords for users to remember, advises Patrick. Encryption software works with single sign-on and other technologies many healthcare organizations use today.
Ensure that users receive proper training in the process dictated by the encryption software’s documentation. Also, ensure that IT support for users is readily available and easily accessible, Patrick says. Plan to increase help desk resources, if necessary, to support staff members who use encrypted laptop computers.
A properly encrypted laptop computer (one that meets certification standards) should not present a security risk, says Patrick. Access the certification standards.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched