Analecta Cyber Company Blog: Data Encryption Methods and Patient Privacy

2016-09-19

Data Encryption Methods and Patient Privacy

Data security and encryption technology solutions are some of the most critical topics that technology providers explore for deployment of healthcare information technology systems. High-level encryption is a simple and efficient way for patients to safely access data and for physicians to communicate with one another and their patients. Many medical practices are taking advantage of technology to significantly improve patient healthcare.


There are, however, concerns beyond the simple question "is encryption being used?" - for example, encryption can be applied to data as it is in transfer and to data while it is being stored. Claiming "bank level" protection with encryption does not provide enough information alone.

Both "data at rest" and "data in transit" forms of encryption play a role in HIPAA compliance and protecting patient privacy. With a properly implemented "data at rest" encryption method, strong and properly encrypted devices thwart even the most advanced threats - even when the device has been lost or stolen!

Types of Encryption Methods

To test encryption algorithms, the National Institute of Standards and Technology (NIST) created a program specifically for testing purposes. NIST and its counterpart, the Canadian Communications Security Establishment (CSE), are working together to analyze, test and validate that an encryption module functions as intended and uses an approved algorithm for deployment.

Data Encryption to Ensure Patient Privacy

Though the OCR and HHS have continued to work to reduce the number of data breaches in healthcare, thus far OCR has been tolerant of non-complying encryption implementations or implementations that may not be fully vetted by NIST.