Tuesday, July 23, 2013

Scrutinizing Healthcare Data Encryption Options


Data encryption is coming to the forefront in healthcare organizations due to the increased penalties associated with HIPAA violations. Unfortunately, most hospitals are considered to be pretty outdated when it comes to encryption and to their understanding of the options currently available.

A recent article in Wired, "9 Biggest Data Encryption Myths Busted," listed common misconceptions about encryption. A few of those are believed to be relevant to healthcare:

1. Encrypt regardless of compliance reasons - The Office for Civil Rights recommends encrypting, but it has yet to be mandated.
2. Pair inexpensive encryption tools with knowledge of your organization - The size of the organization shouldn’t matter. Both small and large organizations should be encrypting all data.
3. Cloud encryption key management has come a long way - With a business associate agreement (BAA), organizations shouldn’t have an issue with a vendor managing the key.
4. Encryption can be a big part of healthcare big data security

John Christly, CISO of Nova Southeastern University, has expressed concern that HIPAA only defines encryption as addressable and not required, as other elements are. Therefore, many organizations will wait until it’s required and, even more troubling, many do not know what the data is or where it is coming from.

Finally, while encryption is needed, organizations must be careful when implementing it, as important data could be lost if encryption is not performed correctly. Moreover, costs associated with the technology and education can be high, but given the risks, it’s important to ensure it is performed properly.

Just a few weeks back I discussed USB security and how some hospitals are encrypting them as a precautionary measure. I believe that many hospitals are waiting to begin data encryption with anything else due to the potential for numerous issues, but especially due to the fear of losing important data in the process. In my opinion, hospitals should be encrypting all data, as the possibility of hefty fines and patient harm resulting from a data breach could be much greater than any other risk associated with encrypting. As a patient, I would be relieved to know that my data is being treated as carefully and safely as possible.

Article referenced:
Ouellette, Patrick. (May 31, 2013). Scrutinizing healthcare data encryption options. HealthIT Security. Found on July 22, 2013. Retrieved from http://healthitsecurity.com/2013/05/31/scrutinizing-healthcare-data-encryption-options/

