FDE an inability for Advanced Malware Detection

[packets]

I have several dental clients who have portable devices (i.e., laptops) in which I use Truecrypt for full disk encryption (FDE) (for HIPAA compliance). In the past (prior too FDE), I'd scan their drive(s) with a LiveCD (e.g., Kaspersky's Rescue Disk) to check for malware, but obviously, this option no longer exists...and Microsoft's Bitlocker will have the same issue(s). I guess these machines should have a regular nuke-pave. My concern now is these machines are regularly reconnected to their protected LAN containing PHI. With FDE I no longer have the option for advanced malware detection (i.e., rootkits, etc.) and therefor these machines, being promiscuous, are now a greater security risk to the protected LAN and I've no way to effectively scan them other than decrypt-clean/scan-encrypt. I really don't believe the health industry thought this through...Hmm...there could be a thief, camouflaged, hidden in plan sight.

[Hersheydmd]

Why am I not surprised.

[satishp]

Why don't you freeze the system using RollbackRx or use Steady State or comodo time machine kind of products.

so the data will be the only one that will be changing. Application parts will be the same.

True Crypt has been discontinued and they are recommending to use bitlocker since there are some known bugs in truecrypt and it has discontinued developments.