How to Enforce FDE to Achieve HIPAA Compliance

When it comes to security breaches, few industries are attacked more often than healthcare (see the infographic below). That exposure is one of the many reasons the Health Insurance Portability and Accountability Act (HIPAA) was developed in the United States. As healthcare IT organizations work toward compliance with the regulation, several processes have to be put in place, and one of the most important is full disk encryption (FDE). Let’s look at how to enforce FDE to achieve HIPAA compliance.

Why FDE?

Why do healthcare IT organizations need to be worried about FDE for HIPAA? For starters, HIPAA Security Rule §164.312(a)(2)(iv) calls for organizations to “implement a mechanism to encrypt and decrypt electronic protected health information” (ePHI). That specification is classed as addressable rather than required, but addressable does not mean optional: an organization that does not encrypt must document why encryption is not reasonable and appropriate in its environment and implement an equivalent alternative measure. Encryption also matters after a device is lost, because HHS breach notification guidance treats ePHI encrypted to NIST standards as not “unsecured”, so a stolen laptop whose disk was encrypted (and whose key was not also compromised) is generally not a reportable breach. Beyond compliance, history has shown that healthcare companies simply need FDE to protect themselves.

When it comes to security breaches in healthcare, one of the most frequent sources of a breach is a stolen laptop. We could spend days detailing each and every time a healthcare company has lost thousands of patients’ data. Instead, to save you time, let’s touch on a few key examples that we can learn from.
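Every case below turns on whether the device was actually encrypted, so the first thing an IT team needs is a check it can run on each endpoint to confirm that. The following is an added example, not code from the original post or from JumpCloud: it runs each platform’s own tool (fdesetup on macOS, manage-bde on Windows, lsblk on Linux) and parses the result. The function names, the fail-closed policy, and the sample outputs embedded in it are assumptions constructed for this example. Python is used because one checker has to parse the output of three platforms’ native tools.

```python
"""Endpoint check: is full disk encryption actually on?

Added example (not the post's or JumpCloud's code). It parses the output of
each platform's native tool; the sample outputs below are constructed for
the example, not captured from real hosts.
"""
import json
import platform
import subprocess
from typing import Optional


def macos_filevault_on(fdesetup_output: str) -> bool:
    """Parse `fdesetup status`. Only a finished, enabled FileVault counts;
    a volume still being converted is not yet protected."""
    text = fdesetup_output.strip().lower()
    if "filevault is on." not in text:
        return False
    return "in progress" not in text


def windows_bitlocker_on(manage_bde_output: str) -> bool:
    """Parse `manage-bde -status <drive>`. Require a fully converted volume
    with protectors active: a suspended volume reports "Protection Off"
    and stores its key in the clear even though the data is encrypted."""
    fields = {}
    for line in manage_bde_output.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip().lower()] = value.strip().lower()
    return (fields.get("conversion status") == "fully encrypted"
            and fields.get("protection status") == "protection on")


def linux_root_encrypted(lsblk_json: str, mountpoint: str = "/") -> bool:
    """Parse `lsblk -J -o NAME,TYPE,MOUNTPOINT`. The filesystem at
    `mountpoint` is protected if it, or any device between it and the disk
    (e.g. the LUKS layer under an LVM volume), is a dm-crypt mapping
    (TYPE == "crypt"). An unknown mountpoint fails closed."""
    def walk(devices, crypt_above):
        for dev in devices:
            under_crypt = crypt_above or dev.get("type") == "crypt"
            if dev.get("mountpoint") == mountpoint:
                return under_crypt
            found = walk(dev.get("children", []), under_crypt)
            if found is not None:
                return found
        return None

    result = walk(json.loads(lsblk_json).get("blockdevices", []), False)
    return bool(result)


def check_local() -> Optional[bool]:
    """Run this host's native tool and evaluate it. Returns None for an
    unhandled platform or missing tool so callers flag it, not pass it."""
    system = platform.system()
    run = lambda cmd: subprocess.run(cmd, capture_output=True, text=True,
                                     check=False).stdout
    try:
        if system == "Darwin":
            return macos_filevault_on(run(["fdesetup", "status"]))
        if system == "Windows":
            return windows_bitlocker_on(run(["manage-bde", "-status", "C:"]))
        if system == "Linux":
            return linux_root_encrypted(
                run(["lsblk", "-J", "-o", "NAME,TYPE,MOUNTPOINT"]))
    except FileNotFoundError:
        return None
    return None


# Constructed sample outputs (assumptions, not captured from real hosts).
SAMPLE_FDESETUP_OFF = "FileVault is Off."
SAMPLE_MANAGE_BDE_SUSPENDED = """\
Volume C: [Windows]
[OS Volume]

    Size:                 237.00 GB
    BitLocker Version:    2.0
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection Off
    Lock Status:          Unlocked
"""
SAMPLE_LSBLK_LVM_ON_LUKS = json.dumps({"blockdevices": [{
    "name": "nvme0n1", "type": "disk", "mountpoint": None, "children": [
        {"name": "nvme0n1p1", "type": "part", "mountpoint": "/boot/efi"},
        {"name": "nvme0n1p2", "type": "part", "mountpoint": None, "children": [
            {"name": "cryptroot", "type": "crypt", "mountpoint": None, "children": [
                {"name": "vg-root", "type": "lvm", "mountpoint": "/"},
                {"name": "vg-swap", "type": "lvm", "mountpoint": "[SWAP]"}]}]}]}]})
SAMPLE_LSBLK_PLAIN = json.dumps({"blockdevices": [{
    "name": "sda", "type": "disk", "mountpoint": None, "children": [
        {"name": "sda1", "type": "part", "mountpoint": "/"}]}]})

if __name__ == "__main__":
    print("macOS sample (FileVault off):      ", macos_filevault_on(SAMPLE_FDESETUP_OFF))
    print("Windows sample (BitLocker suspended):", windows_bitlocker_on(SAMPLE_MANAGE_BDE_SUSPENDED))
    print("Linux sample (LVM on LUKS):        ", linux_root_encrypted(SAMPLE_LSBLK_LVM_ON_LUKS))
    print("Linux sample (plain partition):    ", linux_root_encrypted(SAMPLE_LSBLK_PLAIN))
    print("This host:                         ", check_local())
```

The checks are deliberately stricter than “is encryption turned on”: a BitLocker volume that is fully encrypted but suspended, or a FileVault conversion still in progress, both come back as non-compliant, and on Linux the walk up the device stack is what catches the common LVM-on-LUKS layout where the root filesystem itself is not the crypt device. Feeding the return value into your device inventory, rather than trusting a login password, is the difference between the “password-protected yet unencrypted” laptop in the cases below and a loss that is not a reportable breach.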

Laptop Theft in Healthcare

  1. Rocky Mountain Health Care Services, Colorado, Sept. ‘17

For the second time in three months at Rocky Mountain Health, an employee’s unencrypted laptop was stolen, compromising at least 909 patients’ ePHI.

  2. Coplin Health Systems, West Virginia, Nov. ‘17

A password-protected but unencrypted laptop was stolen from Coplin premises, potentially exposing the ePHI of 43,000 individuals stored on the computer.

  3. Charles River Medical Associates, Massachusetts, Nov. ‘17

An unencrypted external hard drive was stolen from the Massachusetts radiology clinic, exposing the ePHI of 9,387 bone scan patients.

  4. FHN Memorial Hospital, Illinois, Nov. ‘18

4,458 patients’ ePHI was lost following the theft of an unencrypted system from a hospital employee’s vehicle in Illinois.

These are only a selection of healthcare breaches that could have been prevented by the use of FDE in the past three years. To round out this information, just know that in the last year alone, 351 healthcare (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/enforce-fde-hipaa-compliance/

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.