Importance of Encryption for HIPAA Compliant Organizations

Recent cyberattacks on big corporations have demonstrated that no company is safe from cybercriminals.

Individuals and groups of hackers will take advantage of easy targets, and even well-known companies with considerable resources to allocate to cybersecurity have suffered highly damaging attacks. The security breach at Target in November 2013 cost the company $148 million. Investment in data encryption and other cybersecurity measures can therefore be considered money exceptionally well spent.

Private and confidential data must be kept secure, and one of the easiest methods to use is data encryption. Encrypted data is scrambled and indecipherable to unauthorized users. The theft of a device containing an encrypted database means the loss of equipment, not the loss of data and the fines and lawsuits which that entails.

Data Encryption Options

It is possible to encrypt data stored on servers, hard drives, PCs and other devices, but it is also vitally important to secure data in transit between devices and over the internet to prevent interception. Encryption can be used on smartphones, tablets, flash drives, PCs and laptops, and different degrees of encryption can be employed depending on the sensitivity of the data and the risk of attack or theft.

To encrypt or not to encrypt, that is the question

While there is no standard covering data that must – or should – be encrypted, it is essential to use encryption on any data that could potentially cause problems with compliance. As a minimum, HIPAA-compliant companies should use encryption services on any patient data transmitted outside of the local network.

Encryption is especially important on databases containing patient medical records and/or credit card numbers, as these are what cybercriminals are most interested in obtaining. Any off-site or cloud backups should have data encryption, and portable devices such as laptop computers – which can easily be stolen, lost or misplaced – should have robust data encryption.

The cost may be relatively high; however, considering the multi-million dollar fines and lawsuits, money spent on data security can certainly be considered an investment. Conduct a risk analysis, determine which data needs to be protected, and purchase the encryption software offering the right level of protection.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.