If NASA had to comply with HIPAA


Let's all be glad that NASA does not handle ePHI. A recently-released written statement for a hearing about NASA's IT problems contained this excerpt:

"Between April 2009 and April 2011, NASA reported the loss or theft of 48 Agency mobile computing devices, some of which resulted in the unauthorized release of sensitive data including export-controlled, Personally Identifiable Information (PII), and third-party intellectual property. For example, the March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of the algorithms used to command and control the International Space Station. Other lost or stolen notebooks contained Social Security numbers and sensitive data on NASA’s Constellation and Orion programs. "

Just another reminder about why you should encrypt your hard drives.