
HIPAA and cybersecurity: Is encryption necessary?

Cybersecurity remains an uphill battle for all fields. Healthcare has remained a high priority, due to the highly sensitive information generated and stored by organizations within the space.


HIPAA, or the Health Insurance Portability and Accountability Act, has helped healthcare providers secure information about their patients and clients and remain ethical in their practices. However, there's been some disagreement over whether or not HIPAA's requirements should include encryption.


Cyberattacks and their effect on the public

Encryption is a basic cybersecurity measure to deter hackers from accessing sensitive information. Email encryption has been especially popular thanks to its capability to scramble information being transferred between businesses. It was revealed that Sony Entertainment did not have encryption in place when it was hacked, and later on, executive emails were released to the public.
Most recently, the Anthem data breach has made many question how effective encryption would be as a HIPAA requirement. Anthem's cyberattack potentially compromised 80 million individuals' identifiable information, according to HealthITSecurity.com.


The source went on to describe how data encryption was defined as only an "addressable" aspect within HIPAA, and healthcare providers need to determine for themselves whether or not it's necessary. This is disconcerting since encryption has become a basic necessity for companies outside of the healthcare industry.

 

The action being taken for HIPAA

According to Business Solutions, a Forrester report found that over 40 percent of healthcare employees aren't using full-disk or file-level encryption tools in the workplace. These concerns led to federal officials stepping up to make major changes to HIPAA.


"Patients, hospitals, insurers - and all Americans who value the safety and privacy of their sensitive personal information - have a right to be alarmed by reports that their electronic records might be vulnerable to a cyber attack," United States Senate Health, Education, Labor and Pensions Committee Chairman Lamar Alexander said in a statement. "I look forward to working with Sen. Murray as we take a serious look at how these types of attacks may be prevented and examine whether Congress can help."


Officials used Anthem as an example of what encryption could have prevented, but according to The Associated Press, Kristin Binns, PR representative of Anthem, said the Anthem hacker had an administrator's ID and password. The organization typically encrypts exported data, but no kind of encryption would have stopped a hacker who had the password and administrator ID. However, it wouldn't hurt to have encryption in place.


The past and future of HIPAA

In 2009, cybersecurity was not as important as it is today. The closest thing to an encryption requirement is derived from the HITECH Act, which requires the disclosure of any breaches that affected 500 people or more. The act also had an exemption for companies that encrypted their data.


Cyberthreats have become prominent over the past few years and are no longer considered entirely preventable. Businesses have to prepare themselves against threats by implementing cybersecurity measures such as email encryption, firewalls and antivirus software.


"We should be doing everything we can to make sure that personal and private information is protected from the growing threat of cyberattacks, and this is especially true when it comes to healthcare," Ranking Member Patty Murray of the Senate's committee said.


Politicians, including U.S. President Barack Obama and United Kingdom Prime Minister David Cameron, have discussed cybersecurity measures for their respective regions. For all industries, the definition of cybersecurity and its regulations will certainly be changing. The best thing all organizations can do is to develop their technology security plans and look out for future changes.

 

David Bailey is Senior Vice President at Protected Trust. 

Protected Trust is a sponsor of the Print4Pay Hotel. I urge members and readers to visit their site to see their full line of products and services. More and more we need to provide well-rounded strategic solutions for our customers. Protected Trust offers some unique solutions that can help us in our day-to-day efforts. Check them out here.
