The Security Scrutinizer with Howard Anderson

Winning Support for Encryption

Consider Taking a 'Test Drive'

Despite the ever-growing list of healthcare information breaches involving the loss or theft of unencrypted devices and storage media, many organizations have yet to widely deploy encryption

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases


Our Healthcare Information Security Today survey shows that only 60 percent of organizations apply encryption to mobile devices, half encrypt backup tapes, and 45 percent encrypt portable storage media such as USB drives.

Ten years ago, encryption tools weren't very great. But the tools have gotten much better. 

In one of our most popular stories in December, security expert Melodi Mosely Gates notes that a key reason why encryption isn't more widely used in healthcare is that some information technology specialists have outdated perceptions about the technology (see: Encryption: Overcoming Resistance).

"Ten years ago, encryption tools weren't very great," says Gates, an attorney at Patton Boggs LLP, Denver. Encryption technologies were expensive and dramatically slowed down the performance of other applications, she acknowledges. "But the tools have gotten much better," she stresses, and costs have substantially dropped.

Take a Test Drive

So Gates offers some practical advice on winning support for encryption: Launch small-scale pilots of encryption to demonstrate the technology is now practical and affordable.

While you're at it, be sure to educate encryption skeptics that under the HIPAA breach notification rule, breaches of data that have been properly encrypted do not need to be reported. And avoiding reporting just one major breach can save an organization thousands, if not millions, of dollars.

The cost of encryption can be kept under control, Gates says, if organizations prohibit data storage on many mobile devices, including laptops and smart phones. "It's a great alternative to encryption."

In the year ahead, as more organizations make strides in implementing electronic health records, they need to conduct updated risk assessments and mitigate all the risks identified. Surely encryption should be at the top of the risk-mitigation to-do list.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.