50,000 Reasons Why Laptop Security Matters

December 14, 2010

Here’s an interesting statistic for you: According to security vendor Symantec, a laptop is stolen in the U.S. every 53 seconds (a total of more than 525,000 a year).

Here’s an interesting statistic for you: According to security vendor Symantec, a laptop is stolen in the U.S. every 53 seconds (a total of more than 525,000 a year).

Here’s another one: Health and Human Services (HHS) reports that laptop theft is the leading cause of privacy breaches of health information. Based on a recent HHS study, 24 percent of major breaches (defined as those that impacted more than 500 people) involved laptops. 

The implications of lost laptops go beyond the temporary inconvenience of not having your computer. With the recent passage of the HITECH act in February 2009, HIPAA privacy and security rules and penalties were increased. Fines are now up to $50,000 per violation, with total maximum penalties (for multiple violations) of up $1.5 million per calendar year. You could be exposing yourself to lawsuits.

In addition, there are some pretty significant notification requirements, including: contacting each impacted individual by mail or email within 60 days of becoming aware of the breach; notifying HHS; and if the breach impacts more than 500 people, informing the media.

These implications are in addition to any personal information kept on a laptop, such as social security numbers, passwords and log-ins that might be used by thieves to inflict financial pain and distress on you and your patients.

All these potential penalties should be a wakeup call for those of you who are happily dependent on your laptop but have not thought much about security.

It’s time to think about security.

Let’s start with physical security; this is a HIPAA buzzword that simply means you take the necessary precautions so that your laptop does not get lifted in the first place. Here are few basic preventative steps:

• Don’t leave your laptop in the car. The current generation of smash-and-grab care thieves work quickly.

• Mark your laptop with an asset tag. This increases the probability that a stolen laptop is returned and may make the thieves think twice before they try to resell it. Currently, there are many tag makers on the market. ArmorTag (www.armortag.com) gives you a variety of tamper resistant tags that can be used for laptops.

• Get a laptop lock. All laptops have a special slot (called the Universal Security Slot) for attaching cable locks. In spirit, they work in the same way as a bike lock. They are not impenetrable, but do provide a deterrent to the quick-snatch thief. Visit any of the major online retailers for a good selection of styles (search under computer security cables).

The true treasure of the laptop is not device itself, but what’s inside. For the unscrupulous thief, a stolen laptop from a medical professional can be a gold mine, particularly if they can access patient medical IDs (which can be used to initiate bogus bills to payors) or personal information such confidential passwords and social security numbers. To protect yourself from these kinds of threats you need to initiate data security measures.

Some simple things you can do (without having to take a 12-week course) include the following:

• Require a login to access your computer. This is relatively easy operating system function.

• Minimize the amount of patient data on your laptop. If you are using an EHR, you should not have any patient data on your local laptop-it should reside in the EHR database, which in turn should be secured by another confidential password. Resist the temptation to store patient data locally.

• Password-protect sensitive documents. This includes, but is not limited to, your lists of user names and logins to secure programs and websites.

• Back up your data. While this step will not prevent hackers from exploiting stolen information, it will allow you to quickly retrieve and restore what you have lost.

Bruce Kleaveland is a paid correspondent through Intel’s sponsorship with Physicians Practice.