• E-mail
• Print
• RSS

Tip: Take these steps after encrypting your data

HIPAA Weekly Advisor, February 9, 2009

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

If you are in the process of encrypting your data to protect it from outside parties, take the following steps before and after proceeding with data encryption:

1. Identify the types of confidential information that you need to encrypt before transmitting or physically transporting it outside of the organization, including patient data or PHI, Social Security numbers (employees’ or patients’), credit card data or cardholder information, and other sensitive or proprietary information (e.g., financial or personnel information).
2. Identify the types of devices or media that could or do contain confidential information.  This includes devices such as laptops, notebooks, tablets, and any hand-held computing device, such as a smart phone or portable media including PDA, CD-ROMs, DVDs, computer hard drives, external or portable hard drives, ZIP drives, floppy disks, backup tapes, and other memory devices (e.g., USB-flash drives, thumb drives, jump drives)
3. Make encryption easy to use. Therefore, it is best to organize a cross-sectional team of technical and clinical staff members, as well as the compliance, privacy, and information security officers. The team should evaluate the top three products that the technical staff members recommend.

Editor’s note: These tips are offered by Tom Walsh, CISSP, of Tom Walsh Consulting in Overland Park, KS, in the February edition of Briefings on HIPAA, the HCPro, Inc. newsletter.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• Comment
• E-mail to a Colleague
• Print
• RSS
• Archive

Comments