From today’s CNN.com: “Stolen Laptop Contains Personal Info of 2,500 Patients.” What’s more, this was a government laptop and the data was not encrypted.
Laptops get stolen, so if they’re being used in patient care they MUST NOT store accessible PHI. Here are a few ways to address this:
- Don’t store PHI on laptops. This is the absolute best way to prevent the loss of patient data if a laptop is stolen. To do this, use a web-based software backbone for management of patient records. The actual patient information is always stored in a secure location (usually in multiple secure locations) behind lock and key that dwarfs any security possible on a mobile computer.
- Encrypt the PHI on the laptop. Use medical record software that encrypts PHI so that it is not in a usable form unless proper passwords and authentication have been entered by the owner. Encrypted information can still be hacked, but that is far less likely than when it is left wide open for the world to see.
- Secure your data. Use BIOS-level security that prevents entry to hard disk information without proper passwords and/or fingerprint authentication. The same caveat applies here: this keeps the novice from getting into the information, but someone who really knows what they are doing may still be able to gain access.
The best alternative is to keep all PHI off of mobile computers and away from any vulnerable software applications such as unsecured email, IM, or electronic files.
WASHINGTON (CNN) — A government laptop computer stolen last month held unencrypted medical records of 2,500 participants in a government study, Susan Shurin, deputy director of the National Heart, Lung and Blood Institute (NHLBI), told CNN Monday.
The incident prompted the NHLBI to issue a statement saying it would no longer store patient medical information on laptops.
The lack of encryption violated federal guidelines dating back to 2006. Shurin told CNN the stolen laptop “fell through the cracks” and should have been encrypted. A thorough review of other laptops containing sensitive information is under way, she said.
The computer was stolen on February 23 from the trunk of a senior employee’s car, Shurin said. It contained the names, birthdays, medical record numbers and diagnoses of patients who participated in a heart disease clinical trial study conducted by NHLBI from 2001 to 2007.