• E-mail
• Print
• RSS

PPV: Healthcare providers encouraged to encrypt data at rest

HIM Connection, December 18, 2007

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

State laws requiring notification of a security breach to patients whose protected health information (PHI) has been compromised are prompting healthcare providers to encrypt data stored on portable devices. "Data at rest" are any stored data, usually held on a server, hard drive, or portable device. Portable devices include laptops, PDAs, smart phones, USB flash drives, CDs, DVDs, and floppy disks.

"[State] laws do not necessarily mandate encryption of portable devices, but for example, if an encrypted laptop is lost or stolen, in most states you do not need to contact patients about the breach," says William M. Miaoulis, CISA, CISM, manager of healthcare security services for Phoenix Health Systems in Dallas.

"If it is not encrypted, you have to contact everyone who could possibly be impacted. This process can be extremely expensive and damage your public reputation," he says. "Just think if you have to send out thousands of letters notifying patients. And although the law does not require it, many firms are offering two years' worth of credit checks and credit monitoring as a way of reducing the public relations impact."

Editor's note: For more information on encrypting data at rest, click here. Subscribers to Briefings on HIPAA can read the full article in the December 2007 issue. You can also purchase this article for $10 by clicking on the link above.

Want to receive articles like this one in your inbox? Subscribe to HIM Connection!

• E-mail to a Colleague
• Print
• RSS
• Archive