You may ask yourself, why does Compliancy Group require Full Disk Encryption on all devices that connect to, or store ePHI? Why is it a requirement and how will it protect me? What is HIPAA encryption at rest? Below, I will be happy to explain why Full Disk Encryption is so important.
We require Full Disk Encryption on all devices that connect to or store ePHI (including servers, desktops, laptops, smartphones, etc.) because in 2019, the fourth largest HIPAA fine ever, was levied for a stolen laptop that lacked said encryption. As a result, upon gaining access to the laptop, folks with malintent were able to see every bit of PHI data contained on that computer.
This was the catalyst for the fine. In essence, they did not have the proper safeguards in place. Had the hard drive been encrypted, there would have been no fine levied because any ePHI present would have been rendered entirely unreadable. The problem could have been remedied with a figurative flip of the switch.
