If someone steals your server full of non-encrypted files, they are guilty of theft and you are guilty of nothing.
However, you are in a pickle, and so are your patients.
In the age of paper charts (and indecipherable handwriting), it was inconceivable that someone could steal thousands of charts from your record room, haul them home, and peruse them at their leisure. Today, that act is not only conceivable, it is easily accomplished.
I've been thinking about this IronKey thingy. It seems ideal for a medical office. I am wondering why you couldn't just put your main AC database on the IronKey and run the whole network off of that? Would it slow you down somehow? Would the security measures prevent AC from accessing the data?
If it would work, you could just take the IronKey out of your computer and take it home with you at night. There would be no patient information left on your office computers when you left the building!
If you lost it, the data would be encrypted and password protected, completely inaccessible to the finder. Also, the IronKey has a service where your data is automatically backed up to some invulnerable off-site computer, so that if the IronKey is lost, all the data can be restored.
With regard to Bert's points about multiple backups, I was thinking that at the end of the day, the IronKey could be plugged into your home computer, and your Amazing Charts data could be dragged and dropped into folders marked "Monday, Tuesday, Wednesday, etc." Of course, these copies would not be encrypted; you would have to then encrypt your home copies with TrueCrypt or some such other program.
Alternatively, would the IronKey have enough memory to contain five days' worth of backups? That way, you wouldn't have to make copies at home (remember, they have an offsite backup you could do at night before you left).
Anyway, those are my half-baked ideas. I would appreciate the comments of others.
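As an added illustration of the weekday-rotation idea in the post above (this is not the poster's code, nor anything from IronKey or Amazing Charts), the script below archives a data directory into a weekday-named file and encrypts it in the same pipeline, so no unencrypted copy is ever written to the home machine. It uses `openssl enc` with a PBKDF2-derived key in place of the TrueCrypt step the post mentions, and assumes a POSIX shell, `tar`, and an OpenSSL 1.1.1+ build; the passphrase file, the sample "chart" directory and the directory names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes: POSIX sh, tar, openssl >= 1.1.1.
# Idea: tar streams straight into openssl, so the only file that lands on the home
# machine is the ciphertext, named after the weekday for a five-slot rotation.

backup_day() {
    src="$1"                 # directory holding the unencrypted data (e.g. the IronKey mount)
    dest="$2"                # directory on the home machine for the encrypted archives
    passfile="$3"            # file holding the passphrase; keeps it off the command line / ps output
    day="${4:-$(date +%A)}"  # weekday name such as Monday; optional override keeps tests deterministic
    mkdir -p "$dest"
    out="$dest/$day.tar.enc"
    # No intermediate plaintext archive: tar writes to stdout, openssl encrypts that stream.
    tar -C "$src" -cf - . | openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -pass "file:$passfile" -out "$out"
    echo "$out"              # the function's result: path of the encrypted archive
}

restore_day() {
    archive="$1"; dest="$2"; passfile="$3"
    mkdir -p "$dest"
    # Decrypt and untar in one stream, mirroring the backup direction.
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -pass "file:$passfile" \
        -in "$archive" | tar -C "$dest" -xf -
}

# Constructed sample data so the script runs offline: one fake chart file.
make_sample_chart_dir() {
    dir="$1"
    mkdir -p "$dir/charts"
    printf 'Patient: Jane Doe (CONSTRUCTED SAMPLE)\nDx: example only\n' > "$dir/charts/0001.txt"
}

# End-to-end check: back up, confirm the archive does not contain the chart text,
# restore, and compare the restored file with the original. Returns 0 on success.
demo() {
    work=$(mktemp -d)
    make_sample_chart_dir "$work/ironkey"
    printf 'constructed-demo-passphrase\n' > "$work/pass.txt"   # constructed passphrase
    chmod 600 "$work/pass.txt"
    archive=$(backup_day "$work/ironkey" "$work/home-backups" "$work/pass.txt" Monday)
    if grep -q "Jane Doe" "$archive"; then
        echo "plaintext leaked into $archive" >&2
        return 1
    fi
    restore_day "$archive" "$work/restored" "$work/pass.txt"
    cmp "$work/ironkey/charts/0001.txt" "$work/restored/charts/0001.txt" || return 1
    echo "encrypted backup written to $archive and verified by restore"
    rm -rf "$work"
}

demo
```

The weekday-named output file means the sixth run silently overwrites the first, which is the rotation the post describes; the restore step is there because an encrypted backup that has never been restored is not yet a backup. The passphrase file, not the passphrase, is what the post's "take the key home" idea reduces to: whoever holds that file and the archive holds the charts, so it belongs on the same protected device as the IronKey, not next to the archives.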