In what appears to be a reoccurring story, another hospital is notifying over 90,000 patients that their personal information has been breached. MidState Medical Center in Meriden, Conn., has notified around 93,000 patients that their information was stored on a USB drive and the drive is now lost. Information on the drive included names, addresses, dates of birth, marital status, medical record numbers and Social Security numbers.
It seems that almost every week we are reading about another organization losing a USB drive with patient data. It should be crystal clear to everyone that unencrypted USB drives are a real liability. Here is some advice to every healthcare organization:
THROW OUT ALL UNENCRYPTED USB DRIVES NOW!!!
Of course you want to make sure that all patient information is destroyed before throwing them out but the message is clear. If portable drives are a requirement for your organization then only buy drives that come with encryption and educate your employees on how to handle and protect them. That includes NOT putting the encryption password on the drive.
Encrypted USB drives cost more than normal unencrypted drives but the cost difference is minimal and much much cheaper than the costs associated with a data breach.
This is one of the easiest things that organizations can do to comply with HIPAA Security and to prevent data breaches.