Electronic medical records, which the Obama administration would like to see widely used, are rarely encrypted so a data breach could be triggered by the simple theft of a laptop or misplaced thumb drive, a privacy expert told lawmakers on Wednesday. Regulations require healthcare providers to report data breaches unless the data lost had been encrypted. "We know from the statistics on breaches that have occurred since the notification provisions went into effect in 2009 that the healthcare industry appears to be rarely encrypting data," according to written testimony by Deven McGraw, of the Center for Democracy and Technology.