Yesterday, OCR updated its breach notification website [ http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html]
which now summarizes 107 breaches involving 500+ individuals. The numbers are instructive.Of the 107, there were 67 thefts, of which:34 were laptops11 were other portable devices15 were desktop computers (I'm guessing the newer stuff which is now the size of older
laptops).It would seem that anyone managing risk has to look at these numbers and re-evaluate their approach to securing moveable computer technology in the health care setting--and business associate. The case for encryption and/or track and trace is getting pretty compelling compared to the cost of breach notification.