While proper security measures are crucial for businesses across all industries, the healthcare sector needs to be especially vigilant in keeping patient data safe. Even if a device goes missing and is later returned, a breach has occurred for the time that it was no longer in the company's possession.
With that in mind, companies are well-advised to ensure that they have a comprehensive technology insurance policy in place. That way, should any security threats occur, the organization has the necessary means to make a quick and full recovery.
When it comes to medical facilities - or organizations involved in healthcare - security threats run the risk of violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA). That is exactly what the University of Iowa Hospitals and Clinics (UIHC) might be facing, as an audit discovered that over half of 500 issued laptops did not have the encryption software necessary to protect sensitive information.
According to the Press-Citizen, an Iowa newspaper, the devices did have passwords, but there were no extra measures taken. HIPAA rules state that all portable electronic devices containing sensitive patient information must be encrypted.
"Encryption and destruction - like shredding papers - are the only methodology for rendering what we call ... protected health information ... unusable, unreadable and indecipherable to anyone who's not supposed to be looking at it," Rachel Seeger, spokeswoman for the U.S. Department of Health & Human Services Office for Civil Rights, told the Press-Citizen. She would not comment on whether UIHC's case was a HIPAA violation.
All businesses should make sure that they are complying with local and federal laws when it comes to protecting sensitive information. Commercial insurance specialists can help find a policy that accounts for possible security breaches. This can guarantee an easier - and less costly - recovery process should devices become lost or infiltrated by cyber hackers.