
Tip: Adopt encryption policy to ensure confidential data remains secure

EHR Connection, October 20, 2008

The Internet is an open, public communications medium not subject to centralized control. Sound business practice requires encryption of all information classified as confidential or higher transmitted via the Internet or over other open, public networks.
 
Ensure greater security of your confidential data by including these rules in your encryption policy: 
  • The information security department (ISD), in collaboration with the information technology (IT) department, will specify acceptable methods and technical tools for encryption in different circumstances
  • Some examples include Virtual Private Network (VPN) for workforce, Business Associate, and trading partner connections; secure FTP for file transfers; SSH for remote system administration; and SSL for organization Web site transactions involving confidential data (including passwords and PHI)
  • The ISD and IT department will select tools based on government-endorsed symmetric and asymmetric algorithms and minimum key lengths

This tip is from The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit published by HCPro, Inc.
