A recent change in federal privacy laws is causing huge numbers of IT departments to examine the steps they take to keep data secure. Although the specific law affects organizations that store or process medical records--hospitals, insurance companies, human-resource departments, and so on--the change actually touches on an even larger issue, that of keeping any kind of private information truly private, as this reader letter suggests:

Fred, I do medical research and am being asked for recommendations about keeping medical data secure. As you probably know, a new set of regulations took effect on April 16 pertaining to privacy of medical records. These are the so-called "HIPAA standards" I'm glad that the new regulations are inspiring people to pay closer attention to this topic and would like to respond to their questions. Very frequently, researchers use portable media (notebook computers, mainly, but also Zip disks and PDA's) to transport their data, and most statistical-analysis software doesn't claim to offer even a modicum of security. So I'm asking for advice. Specifically, what measures do you and your readers recommend to secure sensitive data that resides on a notebook computer? There are several software products that encrypt individual files and create encrypted virtual drives. Which of these products do you recommend, if any? --Paul Falzer

[ Read more ]