Safebook

Devon Health has launched a "HIPAA-compliant" laptop for all those in the health care industry who can't seem to follow basic IT security guidelines (press release). Devon Health is a national health care cost management company and has apparently started an IT division to sell the notebook computer. This "IT division" seems to be little more than a web site and an OEM deal. The Devon IT web site has its own URL (www.devonit.com) which is redirected to this site. The product itself is not much more impressive.

The SafeBook is a mobile thin client
laptop that has no hard drive to store data. HIPAA-protected patient
data and all applications are instead saved on a hospital or physicians
office server, and can only be accessed by authorized users. This
secures user information in case of laptop thefts or losses, equipment
damage, or personal data breeches, and virtually eliminates spyware,
viruses, and end-user errors. SafeBook is less expensive than most
laptops on the market, requires little IT maintenance, and provides
users with the familiar experience of a notebook PC.

So their "fix" to meet the security requirements of HIPAA is to eliminate all patient identifiable data on the laptop - a rather crude solution. Of course this means that you can't do any work on the laptop without a network connection (both wired Ethernet and 802.11b/g are supported). For $799 you get an off-brand VIA C7-M 1.5GHz CPU, and a memory socket (I guess memory is extra!). You can get a full featured laptop from Dell or HP for about the same price.

There is no substitute for good security policies and procedures (and don't forget to train everyone).