Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Database Encryption for HIPAA

From: "Patria, Patricia" <PPatria () BENTLEY EDU>
Date: Thu, 18 Nov 2010 10:45:24 -0500
We are in the process of reviewing our HIPAA requirements to comply with the HITECH ACT and HIPPA Security rule.  It 
looks like many schools have encryption policies in place for encrypting PHI at rest and in motion as it relates to 
data on laptops, desktops and e-mail (using Identity Finder, PGP and other end user encryption tools). For those with 
large central databases (either an EMR used in a medical center or an ERP that stores employee sponsored health plan 
data or Section 125 flexible spending account data), would you mind sharing what tools you are using for database 
encryption?
We are an Oracle shop and have looked at TDE (Transparent Data Encryption) for encryption at rest, and other Oracle 
Advanced Security Option components for encryption in motion, but are considering other options and would like to hear 
what other schools are doing.
Thank you.
Patty
Patty Patria
Bentley University
Previous By Date Next
Previous By Thread Next

Current thread: