HIPAA rules do call for encryption when PHI (Patient Health Info) is in transit and this especially extends to laptops as well. If you are a healthcare professional such as a doctor or dentist you might have a laptop that you travel with and also might have patient records for easy access.
Drive Encryption Protects You And Your Patients
While it's ok to have patience records on a laptop compliance requirements mandate this data be encrypted. Let's say your laptop has a password on it but you lose it. A tech savvy person can very easily remove the hard drive, "slave" it to another computer and read all the data that's on there, simple as that. Under HIPAA rules this would be considered a breach and would have to be reported.
If your laptop has windows 10 pro you can use BitLocker encryption which is built into windows and it's free. Just turn it on and be sure to make a recovery key in case you forget your password. The problem with this method is in case of an audit there is no real way to prove your is encrypted. Let's say you turned on BitLocker two months ago, how do you prove that your laptop that was just stolen yesterday still has an encrypted hard drive? You can't really.
A better method is either you or your IT support company make sure your laptops are compliant by using an encryption service such as the one from Sophos. Yes there is obviously a cost because it's not a free service but you can prove that your laptop is encrypted through verified reporting.
If you are using an external USB drive to either keep patient records on or even making a backup of your laptop that needs to be encrypted as well. Losing that USB drive is the same as losing your laptop and if it has PHI on it you would have a breach on your hands.
If you want to keep your practice compliant you not only need to encrypt PHI but you need to prove it in the event of a potential breach.
Neotech Networks is an IT provider in in the New York and Long Island that serves small businesses. If you would like a free consultation please use our contact form or call 212.858.9022
224 West 35th Street 11th Floor
New York, NY 10001