Healthcare data encryption trends and methods

[InfoSec News <alerts () infosecnews org>]

http://healthitsecurity.com/2014/03/17/healthcare-data-encryption-trends-and-methods/

By Patrick Ouellette
Health IT Security
March 17, 2014

There are varying responses from healthcare organizations and security 
experts when the question of why an organization would not encrypt its 
data is posed. For some, it's a numbers game and their budget simply can't 
fit encryption technology. Others philosophically are opposed because they 
believe, to a degree, it degrades the data. However, there may be a more 
fundamental reason for a lack of encryption for some organizations: the 
belief that their "four walls" are enough to protect patient data.

Michael Leonard, Director of Product Management for Healthcare IT at Iron 
Mountain, told HealthITSecurity.com that many organizations don't encrypt 
their data for that reason.


What encryption trends are you seeing on-site v. off-site within 
healthcare organizations?

Leonard: We see in many organizations a lot of the content is still not 
encrypted, especially if it's being stored onsite, and that has been, I 
think, historically because it's within their four walls there's less 
concern, right or wrong, but there's less concern that it should be 
encrypted if it's in-house, so to speak. I don't see anybody, at least 
that we've talked to, moving content out into the cloud or out to a 
managed service provider unless it is encrypted, and that's clearly a best 
practice. Also, many of the existing clinical applications don't really 
have a native way of encrypting content, so it's like extra work for the 
organization to encrypt much of that clinical information. So, we see 
quite a bit of the content that's stored within the four walls of an 
organization as unencrypted.

[...]



--
Find the best IT Security talent without breaking your recruiting budget.
Jobs cross-posted to Simply Hired, Facebook and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/