Because the HITECH Act's breach notification rule includes a safe harbor that exempts breaches from reporting if the data involved was properly encrypted, many organizations are investigating whether to make wider use of encryption.
But healthcare organizations need to develop a better understanding of how encryption fits as just one of many components in a broader security strategy.
Join us for this exclusive session, in which you'll learn how to:
Analyze your environment to identify breach risks;
Follow a systematic approach to evaluating enterprise security controls and pinpoint encryption needs;
Address technology, process and people requirements in developing a broader "safe harbor" breach prevention strategy.
The HITECH Act's interim final breach notification rule, published in the fall of 2009, spelled out when major breaches affecting 500 or more individuals must be reported to federal authorities as well as to those affected. But the rule contained a significant "safe harbor" provision, exempting from reporting any breach of data that was encrypted in compliance with specific NIST guidelines.
The HITECH Act, as well as HIPAA and other federal rules, all stop short of mandating encryption. But because a majority of the major breaches reported to federal authorities so far have involved the theft or loss of unencrypted computer devices and media, many organizations are considering making widespread use of encryption.
Relying on encryption alone for breach prevention, however, is not the right approach. Such a strategy is costly, can have an adverse effect on system performance, and can create a false sense of security.
In this exclusive session, healthcare organizations of all sizes will learn how to:
Analyze their environment to understand breach risks by taking a life cycle approach to mapping protected health information in the enterprise;
Follow a systematic approach to evaluating enterprise security controls as well as encryption needs;
Address technology, process and people requirements in developing a broader, well-balanced, integrated approach to security, resulting in a "safe harbor" breach prevention strategy;
Plan for and understand why the use of encryption needs to change over time as the IT environment changes.
McMillan is co-founder and CEO of CynergisTek Inc., a firm specializing in information security and regulatory compliance. He has more than 30 years of federal and private sector experience in managing and delivering information security services and is chair of the HIMSS Privacy and Security Steering Committee.