Disk Encryption: Your HIPAA “Get Out Of Jail” Free Card


    We’ve said it before, but if you work in a regulated industry (HIPAA, PCI DSS, Sarbanes-Oxley, etc.), data encryption is a term you’ve likely heard, and it is not optional. What is data encryption? It is a technology that converts readable data into gibberish that can only be turned back into readable form by someone holding the decryption key. Whether it is data in transit (data moving over a network) or data at rest (data sitting on your computer, hard drives, tape backups, smartphone, thumb drive, etc.), encrypting that data is critical to your business and to your clients’ data. Read on for why this is something you need to be thinking about in your business, whether you are in a regulated industry or not.

    Encryption of data in transit has been around for many years and is becoming standard, thanks to VPNs and SSL/TLS. Easy-to-use encryption for data at rest, however, has been less commonplace. While the software has existed for quite a while, compatibility, installation, and manageability issues have made rolling out full disk encryption across a fleet more of a chore.

    Why is full disk encryption so important? Using HIPAA as a guide (we know a thing or two about HIPAA), the HITECH Act of 2009 added the HIPAA Breach Notification Rule, under which only unsecured protected health information triggers a breach notification. If a device is lost or stolen, you do not have to report the loss as a data breach if the data on it was encrypted in line with the HHS guidance, which points to the National Institute of Standards and Technology (NIST) standards (NIST Special Publication 800-111 for data at rest). One caveat that matters in practice: the safe harbor only holds if the decryption key was not compromised along with the device. A laptop taken while it is powered on and unlocked, or a drive whose encryption has been suspended so the key sits in the clear, does not give you that protection.

    Long story short, encryption could be your “Get Out Of Jail” card. If a bunch of laptops get stolen or lost from your medical environment, there are two likely ways this could go:

    1. You pay an expensive fine (our Alaska clients might recognize this story) and have to report the breach, which can lead to a public relations nightmare.
    2. You check your encryption reports, confirm that the hard drives in those machines were fully encrypted and protected at the time of loss, and sleep a little better knowing that your patient and client data is safe.

    Which option sounds more appealing to you? We thought so.

    While there are free options out there for full disk encryption that will work, we’ve generally found them lacking from a central reporting, management, performance, and usability standpoint. Reporting is a very important element of this. One of the biggest requirements in every regulated industry is not only saying that you’ve done something, but actually proving that you did it, and proving it for the specific device on the specific date it went missing. Having automated reporting as part of your disk encryption solution is anything but optional.
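    As an added example (not part of the original post and not Weston’s own tooling), here is a PowerShell script that gathers the kind of evidence the paragraph above calls for from a Windows machine using the built-in BitLocker module (Windows 8 / Server 2012 and later). It assumes an elevated session; the report path is an assumption for illustration. It records each volume’s encryption state and flags volumes that are fully encrypted but have protection suspended, which leaves the key readable on disk and would not satisfy the safe harbor.

```powershell
# Added example, not from the original post. Assumes the built-in BitLocker
# PowerShell module and an elevated session. $ReportPath is an assumed location.
$ReportPath = "C:\Reports\bitlocker-$($env:COMPUTERNAME)-$(Get-Date -Format 'yyyyMMdd').csv"

$report = Get-BitLockerVolume | ForEach-Object {
    $v = $_
    # A volume can report FullyEncrypted while ProtectionStatus is Off (BitLocker
    # suspended, e.g. for firmware updates). The clear key is then stored on disk,
    # so the data is effectively unprotected; treat that as non-compliant.
    $compliant = ($v.VolumeStatus -eq 'FullyEncrypted') -and
                 ($v.ProtectionStatus -eq 'On') -and
                 ($v.EncryptionMethod -ne 'None')

    [PSCustomObject]@{
        Computer          = $env:COMPUTERNAME
        CheckedAt         = (Get-Date).ToString('o')   # ISO 8601 timestamp for the audit trail
        MountPoint        = $v.MountPoint
        VolumeType        = $v.VolumeType               # OperatingSystem or Data
        VolumeStatus      = $v.VolumeStatus             # FullyEncrypted, EncryptionInProgress, FullyDecrypted, ...
        ProtectionStatus  = $v.ProtectionStatus         # On / Off
        EncryptionMethod  = $v.EncryptionMethod         # e.g. XtsAes256
        EncryptionPercent = $v.EncryptionPercentage
        KeyProtectors     = ($v.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ';'
        Compliant         = $compliant
    }
}

# Persist the evidence and show a summary for the technician.
New-Item -ItemType Directory -Path (Split-Path $ReportPath) -Force | Out-Null
$report | Export-Csv -Path $ReportPath -NoTypeInformation
$report | Format-Table MountPoint, VolumeType, VolumeStatus, ProtectionStatus, EncryptionMethod, KeyProtectors, Compliant -AutoSize

# Non-zero exit code lets a monitoring or RMM job flag the host.
if ($report | Where-Object { -not $_.Compliant }) { exit 1 } else { exit 0 }
```

    Run it on a schedule from your management tooling and keep the CSV files; when a laptop goes missing, the record for that hostname on the day of loss is what you hand to the auditor. The distinction between VolumeStatus and ProtectionStatus is the one most often missed: an encrypted drive with protection suspended is not evidence that the data was protected.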


    WestonDataProtection is part of our suite of HIPAA services. WestonHIPAAService is part of Weston’s line of business IT, compliance, and training services. Our services include monitored anti-virus, HIPAA training, managed Windows patching, compliance audits and risk assessments, and whole disk encryption. Weston Technology Solutions provides all the services you need to become HIPAA-compliant and to minimize HIPAA-related technology headaches. Contact us today by calling us at
