When an organization collects and stores people’s Protected Health Information (PHI), it is responsible for safeguarding that information in accordance with the Health Insurance Portability and Accountability Act (HIPAA). Failure to encrypt such HIPAA-protected data when storing it on a laptop leaves your organization subject to financial penalties, noted a recent post at Fox Rothschild’s HIPAA, HITECH & HIT blog. The theft and loss of laptops that weren’t protected with robust encryption resulted in the Office of Civil Rights at the Department of Health and Human Services recently imposing nearly $2 million in fines on two organizations, the blog noted. Companies have more to fear than penalties. They also stand to lose their good reputation amongst customers and clients following data theft.
Encryption Boosts HIPAA Security on Laptops
Casually password-protecting your laptop will not keep criminals or unauthorized people from viewing data protected under HIPAA. Instead, you need to install strong encryption on the device to meet National Institute of Standards and Technology (NIST) standards and foil would-be data thieves.
Laptop Theft Can Happen at Any Time
At Sergeant Shredder, our shredding technicians have law enforcement and military backgrounds, which makes us particularly attuned to the problem of identity theft and security. To underscore the importance of HIPAA security on laptops, consider the following situations:
- You leave your laptop on a table at a cafe to place an order or use the restroom and it is missing when you return.
- You leave your laptop in your car and someone breaks in or steals your vehicle.
- You lend someone your laptop to check their email and they snoop through the files.
Imagine that an organization that you deal with on a regular basis suddenly announces that it has lost a laptop containing your private medical information. You’ll experience the fear that your data has been exposed to criminals bent on committing fraud and identity theft. Multiply your anxiety by the number of people whose health information your organization keeps on file and you will quickly see just how important it is to use HIPAA security on laptops.
Shredding Laptop Hard Drives
Once laptops have reached their end of life, it makes sense for organizations to shred their hard drives. Wiping a drive clean doesn’t necessarily erase the HIPAA-sensitive information on it. That holds true for desktops, tablets or other devices that access patient files. Shredding hard drives means that confidential information is completely and irrevocably destroyed.
How do you handle HIPAA security on laptops for your organization?