No Excuses: Encrypting your Hard Drive

January 31, 2010 at 10:28 am Leave a comment

We all know how important it is to keep Electronic Protected Health Information (EPHI) safe, right?

HIPAA requires on disk encryption whenever appropriate.  That means, if you have a laptop with EPHI and it gets stolen and the data wasn’t encrypted, you’re in trouble.  No matter what your role in the food chain (provider, consultant, auditor, etc.) you’re likely to be held liable and the new stiffer HIPAA penalties mean you could be paying out for a long time to come.

So let’s avoid all that, and encrypt sensitive files on your hard drive.  Here are three no-cost solutions:
  1. Encrypted File System (EFS):  This option lets you encrypt some folders in your hard drive, without having to encrypt the entire drive.  That means you don’t have the (relatively) small performance hit of encrypting the entire drive, but if someone steals your hard drive, they’ll be able to see the names of all of your files/folders (although they won’t be able to see the contents of them).  This assumes you have a very strong password protecting your login – if you don’t, there’s no point in EFS because someone could simply brute force your password and get your files.

  2. BitLocker:  If you have the Ultimate or Enterprise versions of Vista or Windows 7, you can turn on BitLocker and encrypt an entire hard drive.  Note, BitLocker only encrypts the drive your OS is installed on (most likely C:) and requires some special hardware, which your computer may or not have.  Pros: encrypts entire drive & doesn’t rely on your login password for security.  Cons: slight performance hit, requires Ultimate or Enterprise versions of Vista or Win7, and requires special (although fairly common) hardware.
  3. TrueCrypt: An Open Source version of BitLokcer which works on any Windows OS version (e.g. Windows XP, Vista Home, etc.).  Cons: not quite as fast as BitLocker.

Now, if your laptop gets stolen, at least you won’t have to worry about notifying hundreds of patients that their data has been compromised.

Entry filed under: Uncategorized. Tags: .

Business Power Tools: HIMSS Tools Seattle Startup Networking Links

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

What is this blog?

Our take on startups, healthcare, and what happens as we mix the two.

 RSS Feed

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 6 other followers

Our Company

Recent Posts

Contact

 @Justin_Wilcox
Mail: JustinW@NimbusHealth.com
Follow

Get every new post delivered to your Inbox.