Sometimes, Encryption Isn’t Enough

A recent news bulletin in Health Data Management noted that Rainbow Hospice and Palliative Care in Park Ridge, Ill., had an encrypted laptop stolen but still publicly reported the breach to affected patients, local media and the Department of Health and Human Services Office for Civil Rights.


Breached data that is encrypted need not be reported under the breach notification rule, but here's why Rainbow Hospice had to issue notifications:

The laptop's hard drive, with protected clinical and financial information on 999 patients, was encrypted, says a spokesperson. Two passwords are needed to use the computer, with one of the passwords decrypting data to make the database accessible. So, encryption is turned off when the laptop is in use, and turns back on when the laptop is closed or shut down.

A nurse was visiting a home that had a "chaotic environment," and the laptop was turned on and open when it was stolen. But if the laptop had been turned off when stolen, the data would have been encrypted behind two passwords and notification would not have been necessary.

--Joseph Goedert

 
