Health IT and Electronic Health Activate your FREE membership today |  Log-in
5 pts.
 Encryption of virtual data
With so much concern regarding storeage of data and the use of the cloud/virtual technology for storage, how do we secure the data? What type of encryption will allow sharing the healthcare data with different healthcare facilities across the U.S. and still protect the data from breech, hacking?

Software/Hardware used:
Windows XP and Windows 7
ASKED: May 26, 2011  9:06 PM
UPDATED: November 3, 2011  4:44 pm

Answer Wiki:
There are two primary protection needs for health data - when it is being transmitted between entities and when it is in storage. These two security needs can both be met with encryption, and you will see references in the health IT security space and in infosec generally to encryption of "data in transit" and "data at rest." With Internet transmissions, including those using cloud computing, the default for encrypting data in transit is to use a connection-based protocol like TLS or SSL (with SSL it is now customary to specify v3, since v2 has been shown to be less secure and is unacceptable when complying with security standards like PCI). For instance, the security standards used for the Nationwide Health Information Exchange specify secure connections with mutually-authenticated channels using SSL or TLS. For encryption at rest, the first step is to decide to encrypt it at all, since encryption of data at rest is "addressable" rather than required under HIPAA. The easy reason to do it is that when you encrypt your data you give yourself an out from federal health data breach notification rules, which only apply to unsecured data. As for strength of technology, in the government you need to use encryption that meets FIPS 140-2 standards, and if that's good enough for the Department of Defense, it's probably good enough in general. To apply this protection in the cloud, it's important that cloud customer demand their providers use appropriate encryption technologies and follow the right processes and procedures to safeguard the data placed in their custody.
Last Wiki Answer Submitted:  May 27, 2011  7:20 pm  by  SteveGonHIT   250 pts.
All Answer Wiki Contributors:  SteveGonHIT   250 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _


 

Secure data storage is going to be (really already is) a huge issue for the healthcare industry. Thanks for the answer.

 0 pts.

 

Agreed, that’s helpful info.

 0 pts.

 

Data encryption in HIPAA hosting should follow NIST standards.

 105 pts.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: