The theft of a computer has left 10,000 patients being served by Hartford Hospital and VNA Healthcare. The computer belonged to a vendor who was working on a quality improvement project. The use of drive encryption like AlertBoot would have prevented this latest data breach, and shows the importance of BYOD security solutions in the age of the mobile workforce.
Subsidiary of EMC
According to beckerhospitalreview.com, the stolen laptop contained “personal information for 2,097 Hartford (Conn.) Hospital patients and 7,461 patients of VNA Healthcare,” the latter being a partner of the former.
The information included names; addresses; dates of birth; marital status; SSNs; Medicaid and Medicare numbers; medical record numbers; and diagnosis and treatment information. Naturally, these are considered protected health information (PHI) under HIPAA rules and their protection is paramount to any health organization’s activities.
While HIPAA doesn’t come out and literally say it, it’s common knowledge that the use of encryption software is deemed paramount when handling such sensitive data. Not only is PHI encryption an “addressable” requirement (as opposed to mandatory, which would admittedly raise all types of problems), the HITECH amendment to HIPAA — namely the Breach Notification Rule — makes it almost impossible not to carefully (really carefully) consider the use of encryption.
Which is why EMC, the vendor that ultimately held the contract for the hospital project, made the use of encryption a company policy.
The employee in question, however, must have not known that such a policy existed or must have decided to draw on his luck because laptop encryption was not used.
The importance of mobile security solutions cannot be emphasized too strongly in this day and age of BYOD and other mobile workforce acronyms. Take the above case, for instance.
The data belonged to the Hartford Hospital. However, it was stolen from an employee of Greenplum, which is a subsidiary to EMC. Furthermore, the laptop was stolen from the employee’s home. In San Mateo, California. That’s as mobile as a guy can get without crossing international borders.
Obviously, data gets around. And, data will be “getting around” more than ever as people continue to join the BYOD trend (which incidentally, has been an already long-running trend).
Related Articles and Sites: