HIPAA Security Reminder of the Week

Potential HIPAA Security Violations

A stolen or missing unencrypted device that contains ePHI could result in a HIPAA security violation.

For example, a thumb drive containing the Electronic Protected Health Information (ePHI) of approximately 2,200 individuals was stolen from a vehicle. The entity needed to conduct an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of the security management process.

  • Make sure all mobile devices containing PII and PHI (laptops, smartphones, portable USB drives, thumb drives, etc.) are encrypted.
  • Ensure documented policies and procedures are in place, are being followed and reflect actual practices.
  • IT will regularly conduct a sample audit of devices to ensure encryption is installed and operational.
  • Complete a thorough, bona fide risk analysis of all mobile devices to ensure that all threats, vulnerabilities, and controls have been considered.