Turns out that the Google Chromebook is fantastic for a small medical practice. Here’s why:
1) Chromebook hard drives are encrypted by default. This may limit your HIPAA liability if a Chromebook with PHI on it is lost or stolen. (Here’s an explanation why.)
2) It’s really hard to do anything locally on the computer, since you can’t actually run any software locally. Therefore, you’re pretty unlikely to save an Excel file containing millions of rows of customer data on a Chromebook. Instead, everything is typically saved in the “Cloud”.
3) The “Cloud” can be HIPAA compliant! Specifically, Google Apps for Business is HIPAA compliant if you sign a BAA with them. Details are here. So, you can save your PHI in Google Drive — which is exactly how the Chromebook is intended to function (everything in the cloud).
4) Chromebooks protect against malware and fraudulent operating system changes far better than either Windows or Mac OS. Not to trust Google blindly, but here is a description of what they do automatically.
5) You can buy a ton of them very cheaply and put them all over your outpatient clinic (in every patient room, for the receptionist, etc.). A Chromebook is around $200, as opposed to the ~$600-1000 you’d expect to pay for a thick laptop. Since they automatically update to the latest OS patch, you don’t need to worry about paying an IT person frequently to keep everything kosher.
1) Remember to turn on “Require password from sleep” for safety.
2) Only use trusted Wi-Fi networks with strong passwords, etc. Try to use a trusted VPN if possible. One hospital reported only allowing folks to use cellular 3G data in order to avoid needing to audit all the wireless (Wi-Fi) networks they had running.