The recent work by the HIT Standards Committee requires the encryption of patient identified data on mobile devices (laptops, USB drives) to ensure confidentiality is protected. This is already required by the Massachusetts Data Protection Regulations.
At BIDMC, we use McAfee's Endpoint Encryption as our enterprise solution for encrypting mobile devices.
Though the product is good for the enterprise, there are alternatives for the home user (taking into consideration factors such as usability, supportability, performance, cost). For personal use, PGP Whole Disk Encryption is my cool technology of the week.
PGP Whole Disk Encryption provides continuous disk encryption for Windows and OS X, enabling data protection on desktops, laptops, and removable media.
The PGP Whole Disk Encryption engine operates at a system level between the operating system and the disk drive, providing user-transparent, sector-by-sector disk encryption and decryption.
The only change in the end-user experience with PGP Whole Disk Encryption is the addition of a pre-boot authentication screen. The pre-boot authentication screen protects the system from being accessed by unauthorized users by disabling their ability to attack operating system–level authentication mechanisms. Once the end user provides valid authentication, encryption and decryption of the disk are transparent to both the user and the operating system.
PGP Whole Disk Encryption uses the Advanced Encryption Standard (AES), which is the standard recommended by HITSP and the HIT Standards Committee.
A personal encryption system for mobile devices that is compatible with all the privacy and security protections suggested by national committees to comply with ARRA/Meaningful Use requirements - that's cool.
Speaking of new Technology - did you see this for an iPhone:
ReplyDeletehttp://gadgetwise.blogs.nytimes.com/2009/09/16/a-real-keyboard-for-the-iphone/?ref=technology
Also check out TrueCrypt. It is the preferred disk encryption technology for us nerds.
ReplyDeletehttp://www.truecrypt.org/
1. Open Source
2. Multi-Platform
3. Low resources
4. Supports multiple encryption standards
John:
ReplyDeleteHave been using PGP for several years. As I have potentially sensitive client information on my laptop, I feel it is a disservice to my healthcare clients not to afford them some protection of their information. PGP's a great product!