Educause Security Discussion mailing list archives
Re: HIPAA Requires Encryption?
From: Ozzie Paez <ozpaez () SPRYNET COM>
Date: Thu, 26 Aug 2010 21:19:15 -0600
Hey Matthew, HIPAA does not require it, but any reasonable cost estimate will show that it is worth it. The risks and costs of dealing with unencrypted lost data is so much higher that it is a risk not worth taking, particularly if you already have the infrastructure in place. Hope it helps, Ozzie Paez SSE/SAIC 303-332-5363 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Matthew Link Sent: Thursday, August 26, 2010 2:19 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] HIPAA Requires Encryption? Very recently, I inherited the job of focusing information security efforts. In the process of upgrade of a SQL server, a question has arisen regarding the provision in HIPAA (Addressable) to encrypt EPHI at rest on both the server and the backup media. It does come at some additional cost, though it's manageable. Before proceeding, however, I thought I'd ask if anyone has suggestions. Thanks, --Matthew Link. Director, User Services Information Services, UCM 660-543-8063 link () ucmo edu
Current thread:
- HIPAA Requires Encryption? Matthew Link (Aug 26)
- Re: HIPAA Requires Encryption? Paul Kendall (Aug 26)
- Re: HIPAA Requires Encryption? Plesco, Todd (Aug 26)
- Re: HIPAA Requires Encryption? Paul Kendall (Aug 26)
- Re: HIPAA Requires Encryption? Ozzie Paez (Aug 26)
- Re: HIPAA Requires Encryption? SCHALIP, MICHAEL (Aug 26)
- Re: HIPAA Requires Encryption? Ozzie Paez (Aug 26)
- Re: HIPAA Requires Encryption? Faith Mcgrath (Aug 27)
- Re: HIPAA Requires Encryption? SCHALIP, MICHAEL (Aug 26)