Training

Encryption as Part of a Broader 'Safe Harbor' Strategy

Presented by ISMG     90 Minutes    
Encryption as Part of a Broader 'Safe Harbor' Strategy
Because the HITECH Act's breach notification rule includes a safe harbor that exempts the reporting of breaches if the data involved was properly encrypted, many organizations are investigating whether to make wider use of encryption. But healthcare organizations need to develop a better understanding of how encryption fits as just one of many components in a broader security strategy.

Join us for this exclusive session, when you'll learn how to:

  • Analyze your environment to identify breach risks;
  • Follow a systematic approach to evaluating enterprise security controls and pinpoint encryption needs;
  • Address technology, process and people requirements in developing a broader "safe harbor" breach prevention strategy.

Background

The HITECH Act's interim final breach notification rule, published in the fall of 2009, spelled out when major breaches affecting 500 or more individuals must be reported to federal authorities as well as those affected. But the rule contained a significant "safe harbor" provision, exempting the reporting of breaches of data that was encrypted in compliance with specific NIST guidelines.

The HITECH Act, as well as HIPAA and other federal rules, all stop short of mandating encryption. But because a majority of the major breaches reported to federal authorities so far have involved the theft or loss of unencrypted computer devices and media, many organizations are considering making widespread use of encryption.

Approaching breach prevention through encryption alone, however, is not the right approach. Such a strategy is costly and can have an adverse effect on system performance and create a false sense of security.

In this exclusive session, healthcare organizations of all sizes will learn how to:

  • Analyze their environment to understand breach risks by taking a life cycle approach to mapping protected health information in the enterprise;
  • Follow a systematic approach to evaluating enterprise security controls as well as encryption needs;
  • Address technology, process and people requirements in developing a broader, well-balanced, integrated approach to security, resulting in a "safe harbor" breach prevention strategy;
  • Plan for and understand why the use of encryption needs to change over time as the IT environment changes.

Webinar Registration

Premium Members Only

OnDemand access to this webinar is restricted to Premium Members.

Join Now to Access
Have an account? Sign in.


Around the Network

Critical Considerations for Generative AI Use in Healthcare
Critical Considerations for Generative AI Use in Healthcare
Why Entities Should Review Their Online Tracker Use ASAP
Why Entities Should Review Their Online Tracker Use ASAP
Generative AI: Embrace It, But Put Up Guardrails
Generative AI: Embrace It, But Put Up Guardrails
Why OT Security Keeps Some Healthcare Leaders Up at Night
Why OT Security Keeps Some Healthcare Leaders Up at Night
Threat Modeling Essentials for Generative AI in Healthcare
Threat Modeling Essentials for Generative AI in Healthcare
Inside Look: FDA's Cyber Review Process for Medical Devices
Inside Look: FDA's Cyber Review Process for Medical Devices
Addressing Security Gaps and Risks Post-M&A in Healthcare
Addressing Security Gaps and Risks Post-M&A in Healthcare
Why Connected Devices Are Such a Risk to Outpatient Care
Why Connected Devices Are Such a Risk to Outpatient Care
The State of Security Leadership
The State of Security Leadership
Zero Trust, Auditability and Identity Governance
Zero Trust, Auditability and Identity Governance

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.