Portable Storage Devices and Encryption Technology
Mike Wheeler 792-8744 firstname.lastname@example.org
Recently, the Department of Health and Human Services (HHS) fined an institution $50,000 for a release of health information resulting from a stolen laptop. The laptop did not contain encryption technology as required by Federal regulations.
This was the first fine issued by HHS due to the release of information involving less than 500 patients. In the past, HHS fined institutions when the number of patients involved exceeded 500.
All portable devices including laptops, thumb drives, portable hard drives, cell phones, tablets, etc. storing sensitive information such as protected health information, social security numbers, medical record numbers, dates of birth, dates of service, etc. must be encrypted prior to storing any sensitive information on the device. Failure to comply with encryption requirements on these devices will result in appropriate disciplinary actions.
For assistance on installing encryption software, please contact the OCIO Help Desk at 792-9700.