Security is already high on the totem pole of IT priorities, but with 2015 kicking off with a massive Anthem health breach, encryption is a hotter topic than ever.
Many compliance mandates require or encourage some form of encryption, including the commonly encountered PCI and HIPAA standards. The HIPAA Security Rule doesn’t require encryption, but it does require you to prove, in writing, why you believed encryption wasn’t necessary in your special case. And, let’s be honest, if you are disclosing a large breach to the public as required, encryption was probably necessary.
There are many encryption methods and vendors on the market, but all of them require access to an encryption key in order to decrypt the protected data. If a malicious agent gets their hands on this key, it’s game over for your encrypted information.
This means that every enterprise needs a secure, organized system to manage all of their encryption keys. As data sets are updated with new keys, new data is added, different encryption systems are introduced, and user access is modified, encryption key management becomes even more essential.
Healthcare providers who are researching and implementing new digital tools and electronic health records (EHRs) realize that infrastructure costs can increase quickly, especially for large file sets like medical imagery.
Some organizations may find that cloud and colocation are not cost-effective because they still have in-house infrastructure; others may be looking for a disaster recovery solution, or for new systems or software that must work together with the current Picture Archive and Communication System (PACS) or EHR environment.
By combining existing patient record systems with Vendor Neutral Archiving (VNA) and Enterprise Content Management (ECM) tools hosted with a compliant cloud vendor, providers can enable a central repository of patient information in an economical and powerful manner.
The Ponemon Institute released a survey this month that paints an unfortunate picture about the state of mobile devices and cloud technology in industries that must deal with regulation or compliance standards, like healthcare or government.
The survey questioned nearly 800 IT professionals about the use of regulated data and what they perceived as the biggest security risks. They defined regulated data as “sensitive and confidential data that organizations are legally required to keep safe and secure”, like ePHI (electronic protected health information), financial information, or customer accounts.
We frequently talk about HIPAA compliance and how that affects healthcare organizations as they migrate to cloud-based infrastructure. This infographic gives some more details about what electronic health records are used for, what patients want from ePHI, the most common types of breaches and ways to secure health data.
Encryption is an important safeguard to protect sensitive data that’s stored and processed through the cloud. Encryption protects outgoing data so it can’t be read once it’s outside your network. It also satisfies compliance and regulatory standards like HIPAA and PCI DSS and is an essential tool for protecting information used with popular SaaS applications like Salesforce.com. Even with a highly secure data center, the protection of important information is a shared responsibility between your service provider and your IT team. Get started by implementing these four encryption best practices for a cloud environment: