Turn On Encryption Now: A No-Nonsense Guide for HIPAA Encryption Posture on Laptops, Phones & Tablets.
The HIPAA Privacy and Security Rules safeguard medical and health information when it is created, stored, or shared by covered entities —such as health plans, most healthcare providers, and clearinghouses—as well as their business associates. This information, known as protected health information (PHI), includes personally identifiable details like your name, address, age, Social Security number, and location, along with sensitive health data such as your medical history, diagnoses, conditions, and current health status.
Smart devices are vaults full of information—messages, photos, medical notes, and even where you’ve been. Encryption locks that vault. If a device is lost or stolen, encryption keeps data unreadable without the passcode or key. It can be the single biggest difference between “annoying” and “catastrophic.”
Below are easy-to-follow steps to enable encryption on Windows, macOS, iPhone/iPad, and Android devices that may store or transmit PHI. Organizations should issue their own devices and limit the use of personal devices for PHI. HIPAA protects PHI held by covered entities and their business associates; health information you keep on your own phone for personal use is generally outside that scope, but a personal device that a workforce member uses for the organization's PHI is still the organization's responsibility, which is why it should be governed by a Bring Your Own Device (BYOD) policy that requires the same encryption and management configuration as an organization-owned device. Encryption is an addressable safeguard under the HIPAA Security Rule for PHI at rest and in transit, and PHI encrypted in line with HHS guidance is not "unsecured PHI" under the Breach Notification Rule: a lost laptop whose drive was encrypted, with the key not lost alongside it, is generally not a reportable breach.
What Encryption Is (and Isn’t)
Is: Protection for data at rest and in transit. If someone steals your laptop or phone, or removes its drive, the files are unreadable without the key. If an encrypted transmission is intercepted, the captured data cannot be read. The steps below cover encryption at rest on the device itself; encryption in transit (TLS for web and email, VPN) is configured separately.
Isn't: A shield against malware, phishing, or bad links, and it offers no protection while the device is unlocked and in use, so pair it with a short auto-lock timeout. Keep using firewalls, patching, and anti-malware tools for those other concerns.
Pre-Execution Checklist (Do This First)
Back up important files (and verify you can restore).
Choose a strong passcode/password (long, unique; avoid birthdays/pets).
Plan where to store your recovery key (password manager, printed and locked away, or enterprise escrow).
Plug in laptops/phones so they don’t die mid-setup.
Windows 11/10 (BitLocker or Device Encryption)
Note: The full BitLocker management interface is built into Pro, Enterprise, and Education editions. Home edition (and the others) can instead offer the simpler Device Encryption on hardware that meets Microsoft's requirements (a TPM 2.0 among them). You will use one or the other, depending on edition and hardware.
A) Check if “Device Encryption” Is Available (often on Home)
Start → Settings → Privacy & security → Device encryption.
If present, Turn on.
Follow the prompts to save your recovery key (critical). Device Encryption backs the key up to the Microsoft account or work account signed in on the PC; confirm you can actually find it there (for a personal Microsoft account, at https://account.microsoft.com/devices/recoverykey) before you rely on it.
Reboot if asked; encryption completes in the background.
B) Turn On BitLocker (Pro/Enterprise)
System drive (C:)
Press Windows key, type Manage BitLocker, open it.
Next to OS (C:), click Turn on BitLocker.
Choose how to unlock at startup: TPM only, or TPM+PIN. The PIN adds protection against attacks on a powered-off or sleeping machine, but the option only appears if the Group Policy setting "Require additional authentication at startup" allows it.
Back up your recovery key (print, file, Microsoft account, or enterprise escrow).
Choose Encrypt entire drive rather than Encrypt used disk space only (best for PCs that already hold data, since deleted but not yet overwritten files would otherwise remain in the unencrypted region).
Run BitLocker system check → Continue → Restart.
To verify later, open Command Prompt as Administrator and run:
manage-bde -status
Look for "Conversion Status: Fully Encrypted", "Percentage Encrypted: 100.0%", and "Protection Status: Protection On". A drive that shows 100% but "Protection Off" has BitLocker suspended, and is readable without any key.
USB/external drives (BitLocker To Go)
Insert drive → open Manage BitLocker.
Click Turn on BitLocker for that drive → set a strong password.
Save the recovery key → Encrypt entire drive.
Important: Do not lose the recovery key. Without it, your data is gone (by design).
macOS (FileVault)
FileVault performs full-disk encryption on your Mac. On Macs with Apple silicon or the T2 chip the internal drive is always hardware-encrypted, but turning on FileVault is what ties the decryption key to user passwords, so it still must be on.
Apple menu → System Settings → Privacy & Security → FileVault.
Click Turn On.
Choose how to recover your disk if you forget the password:
iCloud recovery (easy, but it ties recovery to a personal Apple ID; organization-owned Macs should instead escrow an institutional recovery key through MDM) or
Local recovery key (copy it to a safe place; do not store it only on the Mac you’re encrypting).
Enable other user accounts to unlock, if needed.
Restart when prompted.
Encryption runs in the background. You can check the status in the same FileVault pane.
External drives on Mac
For a drive that already holds data, right-click it in Finder and choose Encrypt, which converts it to APFS (Encrypted) in place (the option is offered only for drives with a GUID partition map). For a new or empty drive, open Disk Utility → select the drive → Erase → format as APFS (Encrypted) → set a strong password. Erase destroys whatever is on the drive, so back up first.
iPhone & iPad (Data Protection with Passcode)
Modern iPhones/iPads have hardware encryption baked in, but the Data Protection keys are derived from your passcode, so your data is only protected once a passcode is set.
Settings → Face ID/Touch ID & Passcode → Turn Passcode On.
Choose a strong alphanumeric passcode (longer is better).
Optional but smart: in Face ID/Touch ID & Passcode, enable Erase Data after 10 failed attempts.
Scroll to the bottom of that screen—look for “Data protection is enabled.”
Backups:
Finder (Mac) / iTunes or the Apple Devices app (Windows): select your iPhone → Encrypt local backup (set a backup password and store it safely; an unencrypted local backup exposes everything on the phone in readable form).
iCloud backups are encrypted by Apple, but by default Apple holds the keys; turning on Advanced Data Protection for iCloud makes backups end-to-end encrypted. Either way, use a strong Apple ID password and MFA.
Android (Modern & Older Devices)
Most modern Android phones are encrypted by default (file-based encryption arrived in Android 7.0 and is required on devices shipping with Android 10 or later, which covers virtually all current Pixels and Samsungs). The screen lock is what protects the credential-encrypted part of storage, so a phone with no lock is encrypted but not actually protected.
A) Modern Android (File-Based Encryption by Default)
Settings → Security (or Security & privacy).
Set a Screen lock (PIN/password/biometrics).
Check encryption status under Encryption & credentials (names vary by vendor).
SD card: On many Samsungs, Settings → Biometrics and security → Encrypt SD card (if supported) protects removable storage. The card is then readable only in that phone, so decrypt it before a factory reset or it becomes unreadable.
B) Older Android (Full-Disk Encryption Toggle)
Back up first and plug in.
Settings → Security (or Security & location) → look for Encrypt phone/tablet.
Follow prompts (the process can be lengthy; don’t interrupt).
Set a strong screen lock and, when offered, choose to require the PIN or password at start-up (secure start-up); without it the device decrypts itself automatically at boot.
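For checking a device, or a whole fleet, without clicking through the settings panes, here is an added example script; it is not part of the original guide. It parses the output of manage-bde -status (the Windows verification step above), fdesetup status (the command-line equivalent of the FileVault pane) and adb shell getprop (which reads Android's ro.crypto.state and ro.crypto.type properties; the Android steps above use the Settings app, so this route and its requirement for USB debugging are this example's assumptions). The embedded SAMPLE_MANAGE_BDE text is constructed, not captured from a real PC, and the wording of fdesetup's progress line is an assumption noted in the code.

```python
"""Encryption posture check for the Windows, macOS and Android steps above.

Added example, not code from the original guide: it parses the output of the
status commands the guide relies on (manage-bde -status, fdesetup status, adb
shell getprop) into findings; no findings means the device matches the checklist.
SAMPLE_MANAGE_BDE is a constructed test input, not a capture from a real PC."""
import re
import subprocess
import sys


def parse_manage_bde(text: str) -> dict[str, dict]:
    """Parse `manage-bde -status` into {drive: {field: value, "protectors": [...]}}."""
    volumes, vol, in_protectors = {}, None, False
    for line in text.splitlines():
        if m := re.match(r"^Volume ([A-Z]:)", line):
            vol, in_protectors = volumes.setdefault(m.group(1), {"protectors": []}), False
        elif vol is None:
            continue  # banner lines before the first volume
        elif in_protectors and line.startswith(" " * 8):
            vol["protectors"].append(line.strip())  # e.g. TPM, Numerical Password
        elif kv := re.match(r"^\s+([A-Za-z ]+):\s*(.*)$", line):
            key, value = kv.group(1).strip(), kv.group(2).strip()
            if key == "Key Protectors":  # protector names follow on deeper-indented lines
                in_protectors = True
                if value and value.lower() != "none found":
                    vol["protectors"].append(value)
            elif key == "Percentage Encrypted":
                vol[key] = float(value.rstrip("%"))
            else:
                vol[key] = value
    return volumes


def bitlocker_findings(drive: str, vol: dict) -> list[str]:
    """What is wrong with one volume; an empty list means it matches the checklist."""
    issues = []
    if vol.get("Conversion Status") != "Fully Encrypted" or vol.get("Percentage Encrypted", 0) < 100:
        issues.append(f"{drive} is not fully encrypted ({vol.get('Conversion Status')}, {vol.get('Percentage Encrypted', 0)}%)")
    if vol.get("Protection Status") != "Protection On":  # suspended BitLocker stores a clear key on disk
        issues.append(f"{drive} protection is not on ({vol.get('Protection Status', 'unknown')})")
    if "Numerical Password" not in vol["protectors"]:
        issues.append(f"{drive} has no recovery password protector, so there is no recovery key to escrow")
    return issues


def parse_fdesetup(text: str) -> list[str]:
    """Interpret `fdesetup status`; its first line is 'FileVault is On.' or 'FileVault is Off.'."""
    first = text.strip().splitlines()[0] if text.strip() else ""
    if first != "FileVault is On.":
        return [f"FileVault is not on: {first or 'no output'}"]
    if "in progress" in text.lower():  # wording of the progress line is assumed; treat as not done
        return ["FileVault is on but encryption has not finished"]
    return []


def parse_getprop(text: str) -> list[str]:
    """Interpret `adb shell getprop` output, one '[key]: [value]' per line."""
    props = dict(re.findall(r"^\[([^\]]+)\]: \[([^\]]*)\]", text, re.M))
    issues = []
    if props.get("ro.crypto.state") != "encrypted":
        issues.append(f"storage not encrypted (ro.crypto.state={props.get('ro.crypto.state', 'missing')})")
    if props.get("ro.crypto.type") == "block":
        issues.append("legacy full-disk (block) encryption: require the PIN at boot")
    return issues


SAMPLE_MANAGE_BDE = """\
BitLocker Drive Encryption: Configuration Tool version 10.0.22621
Volume C: [Windows]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Protection Status:    Protection On
    Key Protectors:
        TPM
        Numerical Password

Volume E: [BACKUP]
    Conversion Status:    Encryption in Progress
    Percentage Encrypted: 43.2%
    Protection Status:    Protection Off
    Key Protectors:
        Password
"""

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else sys.platform  # "win32", "darwin" or "android"
    out = lambda *cmd: subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    if target == "win32":  # manage-bde needs an elevated prompt
        problems = [i for d, v in parse_manage_bde(out("manage-bde", "-status")).items() for i in bitlocker_findings(d, v)]
    elif target == "darwin":
        problems = parse_fdesetup(out("fdesetup", "status"))
    else:  # "android": phone attached with USB debugging enabled
        problems = parse_getprop(out("adb", "shell", "getprop"))
    print("\n".join(problems) or "OK: encryption posture matches the checklist")
    sys.exit(1 if problems else 0)
```

Run it with no argument on the Windows or Mac machine itself (elevated on Windows), or as `python check.py android` with a phone attached. It exits non-zero whenever there is a finding, so it drops straight into an inventory or onboarding script. The point of the three BitLocker checks is that "100% encrypted" alone is not enough: a volume with protection suspended, or with no recovery password protector, will not pass.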
Don’t Forget Backups & Removable Media
USB sticks/external HDDs:
Windows: BitLocker To Go.
macOS: Disk Utility → APFS (Encrypted).
Local phone backups: Always choose the encrypted backup option.
Cloud backups: Use MFA and strong passwords for the account that holds them.
Recovery Keys: Store Them Like Gold
Put them in a password manager, or
Print and lock them in a safe, or
Use enterprise escrow (e.g., via MDM/Intune/Jamf).
Lose both the password and the recovery key, and the data is gone. That is by design, and no vendor can recover it for you.
End-of-Life: Wipe Before You Recycle or Sell
Factory reset the device (after confirming you have backups). Because the device was encrypted, a reset discards the keys, so the old data stays unreadable even if the storage is imaged afterwards. On iPhone/iPad, sign out of your Apple ID (Find My) first, or Activation Lock will stop the next owner from using it; on Windows, use Reset this PC → Remove everything and choose the Clean data option.
Remove & destroy the SIM if you won’t reuse it.
Recycle through a reputable e-waste program.
Bonus: Reduce Your “Data Exhaust” (Optional but Wise)
Even with encryption, your device and apps can collect location and activity data.
iOS: Settings → Privacy & Security → Location Services. Turn off for non-essential apps; review System Services and Significant Locations. In Tracking, disable Allow Apps to Request to Track.
Android: Settings → Location. Toggle off for non-essential apps; review App location permissions. Under Privacy/Ads, Delete/Reset advertising ID or opt out of ad personalization.
Avoid “free” apps you don’t need; deny location access unless essential (maps, ride-share).
Quick Reference: What “Good” Looks Like
Windows: Device Encryption ON or BitLocker ON (100% encrypted)
macOS: FileVault: On
iPhone/iPad: Passcode set + Data protection enabled
Android: Encryption ON + Secure screen lock
Removable media: Encrypted (BitLocker To Go or APFS Encrypted)
Recovery keys: Backed up securely
Bottom line: Turn encryption on, lock it with a real passcode, and safeguard the recovery key. Do those three things today, and you’ve just shut the door on the most common and most damaging kinds of data loss.
References
FTC – How to Protect Your Phone and the Data on It: https://consumer.ftc.gov/articles/how-protect-your-phone-data-it
FTC – What to Know About Medical Identity Theft: https://consumer.ftc.gov/articles/what-know-about-medical-identity-theft
NSA – Limiting Location Data Exposure (PDF): https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
ONC – Protecting Health Info on Mobile Devices: https://www.healthit.gov/topic/privacy-security-and-hipaa/how-can-you-protect-and-secure-health-information-when-using-mobile-device
EFF – Surveillance Self-Defense Scenarios: https://ssd.eff.org/module-categories/security-scenarios
HHS – Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/cell-phone-hipaa/index.html