UPDATE: Based on the comments, it seems like TrueCrypt is a nice free open source option for encryption. Some others were mentioned as well.
In all of the various HIPAA violations I’ve read about, they almost always blame some lack of encryption on the violation. In most of those cases it’s a laptop or other mobile device that should have had disk encryption that didn’t.
The problem I have with disk encryption is that I’m not familiar with any really easy to implement, but effective solutions for doing full disk encryption on a device.
I’m not talking about enterprise encryption. I’m talking about encryption that can work in the small or even solo medical practice. Not to mention at the small clinic price point too.
If you know of a solution, I’d love to hear about it.
Truecrypt. Open Source. Free. don’t need full disk encryption, just encrypt the portion that stores the data. Easy to set up and maintain.
Bitlocker!
http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption
FileVault!
http://en.wikipedia.org/wiki/FileVault
Someone beat me to the punch. If you’re not looking for enterprise management features (key escrow, etc), TrueCrypt cannot be beat. It is open source with years of auditing and review, supports AES/Blowfish/any cipher you might want to use, and has no noticeable system performance hit on most PCs. The product is owned by a non-profit foundation, much like Mozilla.
You have the option to set up a virtual encrypted disk drive container, but Truecrypt also supports full disk encryption (at least in Windows) seamlessly and beautifully.
It’s free, and it beats the pants off every commercial encryption solution I’ve used.
truecrypt.org
Lifehacker readers very recently gave it a glowing endorsement: http://lifehacker.com/5679777/best-file-encryption-tool-truecrypt
I second truecrypt. Users of Windows Vista or Windows 7 Ultimate and Enterpise versions also have the Bitlocker option available to them.
Yup. TrueCrypt. Takes maybe five minutes to get it started and you can continue to use your computer, even shut down and resume. There are dozens of YouTube video’s that show you how if you want to see what is involved before committing to it. We use it on all our systems, including servers and USB drives, but I can’t imagine using a portable computer without it, even if you don’t have PHI stored on the device.
I don’t think there is one solution that fits every need, but let me suggest one I often recommend. The produce is called the Apricorn Aegis Padlock with AES 256 bit encryption.
This is a portable USB hard drive that has a keypad built it. In order to access the drive you just enter your PIN on the keypad. Disconnecting the drive re-locks it. There is no software to install and so no software to hack. Trying multiple incorrect PIN numbers causes the drive to encrypt the data with a random PIN rendering it useless.
This is not a networked solution but is ideal for people who must work offsite. It is especially useful with those EMR applications that allow you to “package” a group of charts with a viewer and thereby save everything to this encrypted portable drive.
iPads have full disk enryption built-in.
A commercial option is PGP Whole Disk Encryption. It’s a standalone product for Mac/Windows/Linux, $149. It used to be included in PHP Desktop Home (along with email and instant message, and file encryption, which they’re best known for), but may at least be purchased as part of PGP Desktop Pro. (PGP was recently acquired by Symantec.)
I’ve used the PGP Desktop product on the Mac for email and file encryption and found it first rate. I wish my doctor used it.
This thread is a great example of why I love blogging. Thanks for letting me know about TrueCrypt. I love open source and this looks about as easy as it should be. Unfortunately, it looks like I might have to give up my nerd card for not knowing about it earlier though. At least I have the power of blogging to help me out when needed.
Thanks everyone!
Don’t forget hardware-based solutions! We spec our laptops with FDE harddrives (it adds about 100$) and then don’t have to worry about managing software, configuration, etc. It is completely handled by the BIOS and hardware. See the options available:
http://www.seagate.com/www/en-us/products/laptops/laptop-hard-drives/
This thread is a great !
iPads automatically encrypted?
Be careful what you say, I don’t believe that is correct.
You can set an iPad to auto delete after X failed logins, but there is no encryption.
Whole disk is the only correct answer.
“All data” on an iPad is encrypted by the hardware, as stated by Apple’s security overview PDF (to see it Google “ipad business security”). However, there are reports that the encryption key (which is necessarily stored in the hardware) can be obtained, and the data decrypted, by jailbreaking the device. I can’t immediately find confirmation of that either way. Also, I’m not certain whether images and sound files are automatically encrypted. Certainly its a lot better than no encryption, but whether it’s good enough for a particular use I wouldn’t presume to say.
I wouldn’t assume that whole-disk is the only way to go for devices; it depends on what software you use, and how.
You wouldn’t assume whole-disk is the only way to go, yet you assume iPads are encrypted…at least initially.
When reporting a lost or stolen mobile device that had PHI on it, the best answer is, “Yes, the whole drive is encrypted.”
As one who is paid to be paranoid about these things, I tell offices:
1) Don’t store PHI on portable devices.
2) If you absolutely must, encrypt the entire device.
If you only encrypt 1 folder you leave open the opportunity to accidentally save to an un-encrypted folder.
Why allow for this possibility?
The disadvantage of TrueCrypt is that TrueCrypt cannot encrypt the entire boot volume (from the drive from which you run your operatinig system)
They don’t support key escrow, and offers no back doors for password recovery. If a users forgets his or her passphrase, the encrypted information will be permanently and irretrievably lost.
You could sync only whole truecrypt file instead files in the truecrypt. Therefore, you could not use the same files in two computers in the same time.
If you are running Vista or better, you most certainly can encrypt the entire system drive with TrueCrypt. I don’t really understand Angela’s comment about two computers at the same time. Every drive on our file servers is encrypted with TrueCrypt and the shared folders on those drives are used simultaneously by multiple people on multiple computers. Once mounted, the volume appears and is used just like any other drive. Also, the whole point of disk encryption is that there are NO back doors. Such recovery options would quickly be cracked.
You can enable whole disc encryption on Macs in the system settings. It encrypts and un-encrypts on the fly so it slows your machine down very slightly, but most won’t notice.
Re Zenfire’s comment – No, Macs do NOT support whole disk encryption. FileVault only encrypts the user folder. Just Google for “filevault whole disk encryption” to see many discussions on this limitation.