Where is that laptop with the patient information?
Several times last year, the headlines informed us of yet another missing laptop with sensitive personal information on it. If you are a "covered entity" with regards to HIPAA, this becomes an even bigger deal. Late last month, the Centers for Medicare & Medicaid Services (CMS) issued security guidance for Electronic Protected Health Information on laptops, USB drives, smart devices, etc. While there is nothing here especially earth shaking, it does include a nice matrix of risks and mitigations you might take. At the least, it's worth looking through to make sure that you are addressing each of the areas, and have a response ready in the event of a data breach.
Shameless product plug: many of the security features they recommend (two factor authentication, encrypted data, preventing copying of EPHI to portable storage, etc.) are available in the box with Windows Vista. Even if your standard desktop is going to remain XP for a while, it may be worth exploring moving laptops and tablets to Vista for the security (not to mention the productivity boost your users will get!).
