Umar says the healthcare organization two years ago settled on using Voltage SecureMail to encrypt sensitive information that was e-mailed, because it works without requiring client software on the receiving end. "I wanted e-mail anywhere, and this works to send e-mails anywhere securely," says Umar.

Umar says his next important encryption project involves deploying McAfee's Endpoint Encryption (formerly called SafeBoot) on about 400 laptops for data protection, adding the British government's health authorities are mandating it.

But there's open debate over the perceived advantages and disadvantages of deploying software-based disk encryption, based on products from security vendors, vs. deploying hardware-embedded disk-drive-based encryption that's become available from disk-drive manufacturers.

CBI Health's IT Director Ken Waring says his organization did adopt software-based encryption for its older computers. Preferring not to divulge the specific software vendor, Waring said his organization's experience with software-based full-disk encryption has been much less satisfactory than using the Dell computer Seagate-based disk-drive-based encryption.

"We had problems with the installation of the software-based product," said Waring. In a few instances, the encryption software was uninstalling itself, apparently due to bugs related to the software keys.