Training

Encryption as Part of a Broader 'Safe Harbor' Strategy

Encryption as Part of a Broader 'Safe Harbor' Strategy
Because the HITECH Act's breach notification rule includes a safe harbor that exempts the reporting of breaches if the data involved was properly encrypted, many organizations are investigating whether to make wider use of encryption. But healthcare organizations need to develop a better understanding of how encryption fits as just one of many components in a broader security strategy.

Join us for this exclusive session, when you'll learn how to:

  • Analyze your environment to identify breach risks;
  • Follow a systematic approach to evaluating enterprise security controls and pinpoint encryption needs;
  • Address technology, process and people requirements in developing a broader "safe harbor" breach prevention strategy.

Background

The HITECH Act's interim final breach notification rule, published in the fall of 2009, spelled out when major breaches affecting 500 or more individuals must be reported to federal authorities as well as those affected. But the rule contained a significant "safe harbor" provision, exempting the reporting of breaches of data that was encrypted in compliance with specific NIST guidelines.

The HITECH Act, as well as HIPAA and other federal rules, all stop short of mandating encryption. But because a majority of the major breaches reported to federal authorities so far have involved the theft or loss of unencrypted computer devices and media, many organizations are considering making widespread use of encryption.

Approaching breach prevention through encryption alone, however, is not the right approach. Such a strategy is costly and can have an adverse effect on system performance and create a false sense of security.

In this exclusive session, healthcare organizations of all sizes will learn how to:

  • Analyze their environment to understand breach risks by taking a life cycle approach to mapping protected health information in the enterprise;
  • Follow a systematic approach to evaluating enterprise security controls as well as encryption needs;
  • Address technology, process and people requirements in developing a broader, well-balanced, integrated approach to security, resulting in a "safe harbor" breach prevention strategy;
  • Plan for and understand why the use of encryption needs to change over time as the IT environment changes.

Webinar Registration

Premium Members Only

OnDemand access to this webinar is restricted to Premium Members.

Join Now to Access
Have an account? Sign in.


Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.