[ISN] Healthcare data encryption trends and methods

http://healthitsecurity.com/2014/03/17/healthcare-data-encryption-trends-and-methods/ By Patrick Ouellette Health IT Security March 17, 2014 There are varying responses from healthcare organizations and security experts when the question of why an organization would not encrypt its data is posed. For some, it’s a numbers game and their budget simply can’t fit encryption technology. Others philosophically are opposed because they believe, to a degree, it degrades the data. However, there may be a more fundamental reason for a lack of encryption for some organizations: the belief that their “four walls” are enough to protect patient data. Michael Leonard, Director of Product Management for Healthcare IT at Iron Mountain, told HealthITSecurity.com that many organizations don’t encrypt their data for that reason. What encryption trends are you seeing on-site v. off-site within healthcare organizations? Leonard: We see in many organizations a lot of the content is still not encrypted, especially if it’s being stored onsite, and that has been, I think, historically because it’s within their four walls there’s less concern, right or wrong, but there’s less concern that it should be encrypted if it’s in-house, so to speak. I don’t see anybody, at least that we’ve talked to, moving content out into the cloud or out to a managed service provider unless it is encrypted, and that’s clearly a best practice. Also, many of the existing clinical applications don’t really have a native way of encrypting content, so it’s like extra work for the organization to encrypt much of that clinical information. So, we see quite a bit of the content that’s stored within the four walls of an organization as unencrypted. […]