It seems like every month (or week) there is another story about a lost or stolen healthcare laptop containing patient data. The latest one that caught my attention was this one from Burlington NC where: Staff at Hospice Palliative Care of Alamance Caswell and LifePath Home Health notified around 5,370 current and past patients, or their next of kin, about a possible information breach stemming from a Feb. 24 break-in.
What's interesting is that the story reports that "most" of the data on the laptops were encrypted, but emails containing certain elements of patient health data (personal health information) were not encrypted, so some level of patient data was potentially compromised.
So, what's the answer to these health data breach challenges stemming from laptop theft or loss? Encrypt everything? Don't store any PHI on a mobile computer? Lock down every device? Virtualization? All of the above?