If your organization maintains, uses or discloses health information — encryption is a MUST!
Healthcare providers are held to a higher standard and must properly protect health information at rest (on storage devices/computer hard drives), in motion (moving across networks), and in use (while the data is being accessed/modified).
Unfortunately, however, many providers are still out of compliance and wait until a data breach occurs – a reactionary mentality, especially once the damage has been done.
Los Angeles County Department of Health Services (“DHS”) recently experienced a data breach that affected 342,000 patients, which resulted in a reactionary comprehensive review its privacy and security procedures. “Since the breach was announced, DHS has said that it will boost its data security procedures, starting with mandating that all employees’ laptops and computer workstation hard drives be encrypted.
And, according to the Los Angeles Times, L.A. county contractors that exchange patient data with the county must also encrypt the data in motion. Lisa Richardson, DHS spokeswoman, added that the Sutherland incident “alerted us to some necessary security measures.” Article.
Comprehensively reviewing how your organization stores, uses, and transmits health information is imperative now, not after a breach of unsecured health information.
Not only is encryption important, it may even relieve your organization from having to report a data breach, as the health information would not be considered “unsecured.” Thus, proper encryption of all health information–at rest, in transit, and in use–is imperative.
Tell us how your organization protects its information? Share your ideas with us by clicking on the comment button below. We’d love to hear from you.
Get “News You Can Use” delivered directly to your e-mail inbox. Click here to Subscribe.