• E-mail
• Print
• RSS

PPV: Healthcare providers encouraged to encrypt data at rest

EHR Connection, December 31, 2007

State laws requiring notification of a security breach to patients whose PHI has been compromised are prompting healthcare providers to encrypt data at rest on portable devices. Data at rest is any stored data, usually held on a server, hard drive, or portable device. Portable devices include laptops, PDAs, smartphones, USB flash drives, CDs, DVDs, and floppy disks.

"[State] laws do not necessarily mandate encryption of portable devices, but, for example, if an encrypted laptop is lost or stolen, in most states you do not need to contact patients about the breach," says William M. Miaoulis, CISA, CISM, manager of healthcare security services for Phoenix Health Systems in Dallas.

Click here to read everything you wanted to know about encryption but were afraid to ask.

The cost is $10. Subscribers to Health Information Compliance Insider can sign on for free access.

• E-mail to a Colleague
• Print
• RSS
• Archive