A laptop computer that was attached to an electromyography machine was stolen from Rancho Los Amigos National Rehabilitation Center, triggering a data breach. Laptop encryption like AlertBoot was not used to protect the data.
Not much is being reported except for:
667 patients were affected
The laptop computer included names, dates of birth, and medical information (diagnostic information)
The laptop was reported missing on February 24
The loss of this machine, which was not protected with encryption software, means it was a HIPAA breach and requires notification to the HHS. Plus, because it affects over 500 people, it will be made public at the Department of Health and Human Services website.
While it’s true that a full disk encryption program like AlertBoot would have ensured that information remains secure, and would have provided safe harbor from the HIPPA notification requirement, I’ve come to the conclusion that perhaps it might not be an ideal solution for medical devices. Well, depending on the device.
Electromyography (EMG) deals with electrical signals produced by muscles. I might not be a doctor, but it sounds like a non-emergency type of instrument. So, perhaps disk encryption might be a good idea.
But, with devices that deal with emergency responses, the last thing you want on those machines is an additional barrier to getting it to work. It’s like the doors to the ER: generally, they’re not locked because…well, because it’s the ER. Every second counts.