A doctor who works with children in the Fresno area has offered a reward for the return of her computer. It does not sound as if hard disk encryption like AlertBoot was used to protect the device.
Car Break-In, Yet Again
According to kmph.com, Dr. Gloria Traje-Quitoriano’s computer, full of patient information, was stolen from her husband’s car. The PHI include names, home addresses, phone numbers, dates of birth, and Social Security numbers.
The doctor is particularly concerned about “the files because they can get identity, my patients’ identity.” She is hoping that a $500 reward for the safe return of the computer may curtail the ramifications of the laptop theft.
Incidentally, this is why I’m assuming that the computer was not encrypted. PHI encryption pretty much ensures that thieves will not be accessing a computer. So, there wouldn’t be a realistic concern on the safety and integrity of patient data, and you certainly wouldn’t be offering a $500 reward — unless your objective is to regain your hardware.
Maybe If You’re Lucky
The return of the unprotected laptop computer, though, does not automatically mean that patient data is safe. Remember, if there is nothing preventing unauthorized access to the computer — like encryption software that requires the correct password — a thief could easily boot up the computer; copy any sensitive files to another computer (that he probably stole); and return the computer to the doctor to collect the $500.
Depending on the situation, such as whether the doctor bills Medicaid, this is most certainly a breach of HIPAA Security rules. An unencrypted laptop has no business being inside a car. If you frequently travel with a device that stores patient data, you have to encrypt.