HIPAA & Encryption: The Best Practices

Webinar June 4, 2015

Data breaches are growing in number and severity in the healthcare industry, due in part to the increasing sophistication of hackers and the rising black-market cost of stolen medical records. But despite the fines and penalties levied for breaches of electronic protected healthcare information (ePHI), healthcare businesses are still slow to effectively adopt one important IT practice: encryption.

Intended to guide healthcare industry businesses on the best practices to avoid IT security threats, the HIPAA Security Rule requires covered entities and their business associates to implement technical safeguards to protect all Electronic Protected Healthcare Information (ePHI). As such, HIPAA makes specific reference to encryption, access controls, encryption key management, risk management, auditing and monitoring. Encryption itself is an “addressable” implementation standard under HIPAA, meaning that if a business does not deem the practice of encryption reasonable or appropriate, it is essentially off the hook. But is that even the best course of action? Could turning your back on encryption cause you to miss out on a major protection afforded to you in the Breach Notification Rule? This is certainly something to consider.

In this on-demand webinar, OnRamp Founder Chad Kissinger and former OnRamp Security Engineer Jeremiah Martin discuss the best practices for encrypting ePHI in transit and at rest to provide greater protections from the fines and penalties associated with security incidents.

Topics covered in this webinar include the following:

  • Understanding HIPAA’s take on the topic of encryption
  • Comparing the challenges of encrypting data in transit and at rest
  • Using the National Institute of Standards and Technology (NIST) guidelines as a standard for encryption
  • Best practices for accurately deploying and maintaining encryption

HIPAA’s guidelines are far from prescriptive, so defining what you should or shouldn’t do from the IT perspective is sometimes hard. Download our HIPAA eBook to find out how, by working with a knowledgeable, HIPAA-compliant IT provider, you can tackle this problem and improve patient privacy and data security in the process.