A state review of a University of Iowa Hospitals and Clinics computer system recommends the hospital strengthen procedures for the encryption of laptop computers.
The review, conducted by the State Auditor's office and released Monday, found that certain controls can be strengthened to further ensure the reliability of financial information. The auditor's office conducted the information technology review of selected general and application controls over the UI Hospitals and Clinics' GE Centricity System for the period of May 28, 2012 to July 30, 2012.
The GE Centricity System at the hospital is a commercial application used for patient registrations, scheduling and the collection of information to process billings and receivables for patients and insurance providers.
The audit recommends the hospital strengthen its policy to require the encryption of any portable device before any sensitive data is stored on it, and to take steps to ensure all laptops are properly encrypted.Hospital officials responded in the audit that there is an existing policy requiring sensitive institutional data stored on a laptop or portable storage device must be encrypted when technically possible using an approved encryption program. Hospital leaders have called for any incidents of failure to comply with the policy to be reported for follow-up, and have initiated an extensive external data security assessment that should be completed in April. Hospital administrative and clinical leaders also have been taking part in presentations on data security and data loss prevention, officials said.