Health IT and Electronic Health Activate your FREE membership today |  Log-in

Data Security for HIPAA Compliance

Apr 28 2010   10:59PM GMT

Disk encryption is not the panacea for compliance

Posted by: Azaltsman
arra 13402, data at rest, data in motion, data in use, encryption, file encryption, full disk encryption, HIPAA, hitech act encryption, phi, whole disk encryption

We hear many news stories about stolen laptops and hard drives. The knee-jerk reaction is to purchase whole disk encryption products (there are many out there) to sleep better at night. There is no question that whole disk encryption should be a part of your data security arsenal. However, don’t overlook the “big picture” of your IT security strategy. Keep these things in mind.

  • Whole disk encryption is clearly needed for mobile devices and removable storage.
  • Whole disk encryption protects data when your computers is TURNED OFF. This means that while you’re using the computer the data is in use, and is not encrypted.
  • Additional level of data protection is needed to protected the data while computers are in use. For example, critical data files should be encrypted automatically regardless of whether the computer is turned on or off. Whole disk encryption does not do this.
  • Files containing PHI that are transferred over a network need to be encrypted. Whole disk encryption does not do this.
  • What about e-mails containing PHI? More importantly, what about those that use Microsoft Outlook and store data in archive (.pst) files?

So why is whole disk encryption not enough? What happens if a worm invades your computer and transfers documents of a certain file type to a remote location. Whole disk encryption will not help you in this situation. It’s important to encrypt files on the hard drive so that they remain encrypted while the computer is in use.

Comment on this Post

Leave a comment:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: