It’s Encryption, Stupid

With all this talk about HIPAA privacy, security and data breach compliance one move could prevent a lot of employee headaches; Encryption.  Encrypting computers, networks and mobile devices is a big step towards compliance bliss (if that exists). Leon Rodriguez, director of OCR has said “Encryption is an easy method for making lost information unusable, unreadable and undecipherable.”  Yet so many organizations, big and small, still don’t encrypt.

“For smaller HIPAA-covered entities and business associates, encryption is seen as a considerable expense, but many say it’s worth the cost, especially when taking into account post-breach legal fees, investigation costs and fraud protection often provided to affected patients.

Jeffrey Brown, chief information officer of the 178-bed Lawrence General Hospital in Massachusetts, said his hospital has never experienced a HIPAA breach — and it’s not just luck. It’s because it has taken an aggressive approach to addressing privacy and security issues.

“Privacy and security and compliance are something that is at the top of our priority list,” Brown told Healthcare IT News last month. All devices there are encrypted, and the hospital has an anti-BYOD policy. They provide laptops and cellphones to the relevant clinical staff. “

You can read about recent HIPAA data breaches and their lack of encryption here: Lack of encryption brings breach blunder


About Data Breach Watch Administrator

, , , ,

No comments yet.

Leave a Reply