This story coming out of Oregon came across my feeds today which tells of the Oregon Health and Science University contacting 1,000 patients after a physician’s laptop was stolen from a car parked at the doctor’s home.
This story made me think of two things:
1. Why is PHI being stored on the laptop in the first place? I wish I could find out if there was an EMR involved. If there was, then the EMR should be storing all of the patient information on the server and none of that data should be stored on the laptop. So, if it gets stolen there’s no breach. That’s the beauty of an EMR these days. There should be no need for this to happen.
2. There’s some really cool technology that’s been coming out in recent laptops that will allow you to remotely wipe out the laptop if it ever gets connected to a network. Basically, once your laptop is stolen you report it stolen and they start tracking it down kind of like they do with stolen cars (same people from what I understand).
Once the stolen laptop is connected to the network, it will call back to the main center and receive the command to wipe out the laptop. Then, it will also give them information about where it was connected in order for police to possibly recover the stolen laptop as well. We’re implementing this on all our new laptops. I’ll be very happy once we have them all with this feature.
The best solution I’ve found is full-disk encryption with a hardware USB key + password. Without the key and the password (something you have + something you know), the laptop is just a brick.
We used this technology when sending nurse reviewers into the field to conduct chart audits.
Even full-disk encryption with a strong password is a good solution, e.g. Microsoft BitLocker under Vista:
http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption.
Like backing up your data, laptop security isn’t particularly hard, but not many people do it.
It should be a legal requirement that all portable computing devices have the functionality of remote wiping. Pretty easy to implement. In fact, Exchange Server can do that to PDA devices, if I recall correctly. But, I agree that the use of an EMR or ASP would eliminate the risk of this occurring. Either way, it is uncalled for and should be a non-issue in this day and age. And WHY was the computer left in the car?
Mike,
I’ve worked with some of the USB hardware keys before and have always been concerned about losing the hardware key and then being up a creek. Certainly nice encryption is an option as well.
The comparison to backups is a good one. Only major difference being that people think they’re backups are running. Most people haven’t thought about losing a laptop.
Our company has a product the is USB based key that provides storage, virtual desktop, etc as well as portable apps aimed at the PHR and EMR marketplace. The device has biometric and/or password authenication, 256 bit AES encryption, plus support certificates /PKI and can be remotely managed once the device is inserted to a web connected device. Even if the device is lost or stolen, there is virtually no chance at compromise due to the encryption and authenication components. Certainly would make sense in this application.
Remote wipe doesn’t get an organization out of notification because the data could have been accessed before the computer connected to the internet. Since you can’t be sure, you have to report the data breach, and the remote wipe capability becomes less valuable. Whole-disk encryption is the only way out of data breach notification for laptop losses.
Larry,
That sounds really interesting. The best part is the remote management of the device I think. I’d like to learn more about how the remote management works.
Dugolo,
Thanks for pointing it out. I had the same thought. However, wiping it will still give some comfort to those that are notified that there was less risk of it getting out. Especially since the computer is certainly password protected. Plus, the technology can help you recover the laptop in many cases as well.
Certainly encryption is the way to go, but even better than that is my first concept of storing no PHI on the laptop in the first place. That’s the beauty of an EMR.
Thanks John for the interest in the management functionality question.
To give you a high level overview of the management functionality, our product can be either a single use device where one person provides his/her personal authentication, once set-up, through biometric (finger) or password or both. However to take full advantage of the level of security, an administrator can provision, configure, and support the device or groups of devices depending on the rollout. Some of the management features are:
• Automated sync tool for backup of records and updates to apps when connected to web
• PHR app is a zero footprint which leaves no trace on host PC
• Ability to securely deliver communications from payer/provider when part of a plan/group/etc.
• Admins can tailor security policies and device behavior to different end user needs
• Use of credentials such as digital certificates and soft tokens (RSA) to provide an additional layer of security when part of a larger EHR group/plan/organization.
• Admin roles can be separated to provide proper delegation of management duties as a heighten level of security. For example, separate admin for configuration, certificate authority, and device issuance is possible.
• Capable of tracking a complete history of any administrative activities, user activities, security policies, and state of each individual device for audit and compliance requirements.
• Admins can create queries based on username, device serial number, or certain issuance parameters to get information about the devices in the system.
• Remote administrative device recovery option in the event of lost, damaged, or inoperable device
• Optional data destruction after multiple failed authentication attempts or in the event the device is lost or stolen. If the lost or stolen device is inserted into a computer connected to a live web connection, the device beacon will alert home server which will issue the command to destroy data
Our focus when we looked at the development around a portable device for PHR and data storage, our attempt was to leverage a device which will provide the best in security as well as utilizing an industry platform. Our product is intended to be an alternate to web based solutions when security is a real concern.