Health Information Management

PPV: Healthcare providers encouraged to encrypt data at rest

HIM-HIPAA Insider, December 18, 2007

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

State laws requiring notification of a security breach to patients whose protected health information (PHI) has been compromised are prompting healthcare providers to encrypt data stored on portable devices. "Data at rest" are any stored data, usually held on a server, hard drive, or portable device. Portable devices include laptops, PDAs, smart phones, USB flash drives, CDs, DVDs, and floppy disks.

"[State] laws do not necessarily mandate encryption of portable devices, but for example, if an encrypted laptop is lost or stolen, in most states you do not need to contact patients about the breach," says William M. Miaoulis, CISA, CISM, manager of healthcare security services for Phoenix Health Systems in Dallas.

"If it is not encrypted, you have to contact everyone who could possibly be impacted. This process can be extremely expensive and damage your public reputation," he says. "Just think if you have to send out thousands of letters notifying patients. And although the law does not require it, many firms are offering two years' worth of credit checks and credit monitoring as a way of reducing the public relations impact."

Editor's note: For more information on encrypting data at rest, click here. Subscribers to Briefings on HIPAA can read the full article in the December 2007 issue. You can also purchase this article for $10 by clicking on the link above.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular