HIPAA and the Encryption Effect

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 protects the confidentiality of Protected Healthcare Information (PHI). In 2009, HIPAA was updated with the HITECH Act, which increased the focus on the penalties and rules around disclosure in the event of a PHI breach.

The consequences of a PHI breach can be severe. If a breach occurs and the data is not encrypted, organizations may be obliged to:

  • Notify all individuals concerned
  • Notify the HHS
  • Notify major media outlets (for breaches of 500+ records)
  • Incur severe fines, which can be in excess of $1,000,000

Encrypting your data remains the most effective way to mitigate risk.

The cost of a HIPAA breach today

In the last 12 months, fines for PHI breaches have soared. Recent examples include:


Concentra Health Services

Fined $1,725,220 for a lost laptop and the lack of encryption on its laptops, desktop computers, medical equipment, tablets and other devices.

Alaska Medicaid

Settled with the US government for $1.7 million in the case of a lost USB drive containing PHI of 501 patients.


Massachusetts Eye and Ear

Fined $1.5 million for HIPAA Privacy and Security violations, all stemming from a single laptop stolen from the vehicle of a DHHS employee.

Beyond fines, additional costs include:

  • Expenses in notifying all relevant parties
  • Lost revenue from patient or customer churn
  • Significant reputation damage

Can you afford NOT to secure your data?

Sophos Encryption for Healthcare

Get HIPAA Secure with help from Sophos Tools

Sophos provides a number of tools that can help with your HIPAA security compliance program. We offer a complete range of Next-Gen Enduser Protection solutions: from encryption that helps to keep your data secure wherever it goes, to endpoint protection that is designed to stop hackers from taking control of your computers, and mobile protection that helps to keep the PHI on tablets and smartphones safe.

We have over 25 years of experience helping organizations secure their data – see how we can help you.

Learn about Sophos Encryption Solutions

Why Sophos Encryption

"Our message is simple: encryption is your best defense against these incidents"

Susan McAndrew, OCR Deputy Director of Health Information Privacy

Sophos Encryption for Healthcare

Read this solution brief to understand the criteria healthcare providers should keep top-of-mind when reviewing an encryption solution, and how Sophos SafeGuard stacks up.

