Breach notification added to HIPAA
Healthcare provisions in the recently-passed spending bill add a data breach notification requirement for organizations covered by HIPAA. HHS has 60 days to issue guidance on how to secure health information. This is sure to include encryption for portable devices like USB Flash Drives. If a breach is discovered and the data was not secured, the organization must notify anyone affected as well as the local media.
Public notification is not required if the data is shown to have been secure. There are several ways to prove that the device was secured:
- Hardware-level encryption and 100% private partition - the user cannot accidentally save data in a public space, the encryption cannot be accidentally circumvented or removed by the user
- Remote management console - the administrator can show that the device is in compliance with current security policies including password strength and protection from brute-force attacks.
Remote management gives added protection when being audited. Administrators can demonstrate that the missing device was remotely wiped at a precise date, time and location (by IP Address, Hostname and Domain). The Kanguru Remote Management Console was reviewed last year by Tom's Hardware. Visit our webpage to learn about the features that have been added since that review.