Developing a Plan to Protect
Personal Health Information IT Starts with Enterprise Encryption
BY AL GALLANT

Encrypting PCs, notebooks, and peripheral devices is a vital step towards protecting personal health information (PHI) and avoiding hefty fines for data breaches. However, hardware shouldn’t be the only focal point of a PHI encryption strategy. Many healthcare CIOs don’t worry about PHI breaches when a server is in a secured data center, but it can happen—and it can be expensive. A server will contain significantly more PHI than a PC or notebook, and data breach fines are based in part on the number of patients whose PHI data has been compromised.

It’s important to remember these three levels of encryption on any servers containing PHI:

1. Software Encryption: Many software encryption systems for PCs and notebooks can’t be used on servers. When you purchase a software encryption product, it’s important to verify how it can be implemented. Consider an “on-the-fly” encryption process for servers, when data is encrypted or decrypted automatically before it is loaded or saved—invisible to the user. PHI stored on an encrypted volume can be accessed only if the user has the correct password or encryption keys, and the PHI at rest on the server’s disk is completely encrypted. If a hacker obtains unauthorized access, the data is unreadable.

2. Network Encryption ensures that hackers attempting “sniffing attacks” will not see any PHI in transmission. To prevent
CONNECTION
VOLUME 1 • ISSUE 3