Skip to main content

Q&A: Tracking the Use of USB Drives

Analysis  |  By Revenue Cycle Advisor  
   March 11, 2021

You need to block the use of USB drives unless there is a business need to use USB drives.

A version of this article was first published March 11, 2021, by HCPro's Revenue Cycle Advisor, a sibling publication to HealthLeaders.

Q: How can you track or prevent the use of USB drives in a hospital setting?

A: If you are working in a Windows® environment, your IT department can use Microsoft Group Policy to disable the use of all USB drives or select USB drives. If you are working in a Mac® environment, you can do the same thing but through Terminal. There are tools out there that can assist with enabling or disabling USB drives, even down to only disabling non-approved USB drives.

You need to block the use of USB drives unless there is a business need to use USB drives—and if such a need exists, the drives used must be encrypted if they will store PHI or personal identifiable information. This needs to be addressed not just in policy, but also in a technical solution that actively blocks the use of some or all USB drives. Adopting a “here’s the policy and I trust you” approach is risky and does not prevent the storage of PHI on unencrypted USB drives.

Editor’s note: Chris Apgar, CISSP is president of Apgar & Associates LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS.

Revenue Cycle Advisor combines all of HCPro's Medicare regulatory and reimbursement resources into one handy and easy-to-access portal. News is not just repeated from other sources. It is analyzed by our Medicare experts so professionals can comprehend any new rule and regulatory updates thoroughly. Learn more.

Get the latest on healthcare leadership in your inbox.