Health Information Technologies and Processes

Lost, Unencrypted Laptop...$1.04 Million...P&P not implemented

  • 1.  Lost, Unencrypted Laptop...$1.04 Million...P&P not implemented

    Posted 15 days ago
    I have to imagine this incident which we seem to hear of often enough (a lost or stolen unencrypted laptop) has to be somewhat frustrating when as described in the press release...the entity had a policy to encrypt ePHI...but for whatever reason, encryption was not in place on the laptop involved.  Doink!

    Just think...if encryption was in place (let's assume for the sake of this posting the encryption was consist with OCR guidance), no required notifications would apply.  For me, the takeaway for some may be to ensure that your policy to encrypt ePHI is actually implemented, particularly on transportable media or mobile devices.


    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------