The HIPAA Privacy Rule de-identification standard-Section 164.514(a)-includes two methods by which health information can be designated as de-identified: expert determination and safe harbor.
Q. A long-term care facility has deployed laptops that connect to a file server and are password protected. The laptops are not used to store PHI or other confidential data and are not removed from the facility. Do the laptop hard drives need to be encrypted?
If there's one conclusion that OCR is ready to draw from the 115 HIPAA compliance audits conducted last year, it's that there is plenty of room for improvement.