Tip: Play it safe, encrypt "data at rest"

EHR Connection, December 24, 2007

"Data at rest," which includes any stored data, usually held on a server, hard drive, or portable device, such as laptop computers, PDAs, smart phones, USB flash drives, CDs, DVDs, and floppy disks, is vulnerable if unencrypted.

Protect your facility and your patients' privacy with this six-step approach:

  1. Identify your data and determine its location with an inventory of all facility equipment.
  2. Conduct a systemwide risk assessment of your data to determine areas of weakness and need.
  3. Develop a policy that clearly states who can access data remotely and what data may be stored on portable devices.
  4. Implement technical mechanisms that require encryption and ensure that your IT department develops standards for encrypting all types of data in use at your facility.
  5. Develop a security incident response plan that clearly states how your organization will respond if a security breach involving lost data occurs.
  6. Know what applicable state laws require. Information about state notification laws is available at www.ncsl.org/programs/lis/CIP/priv/breach07.htm.

This tip was brought to you by the December issue of Briefings on HIPAA.
