If you’ve been following HIPAA breaches at all, you know that many of the largest could have been prevented if the stolen devices (laptops, drives, etc.) had been encrypted. The problem with encryption is most people don’t get it.
When trying to explain encryption to physicians last year, I wrote, “Whole Disk Encryption is a solution for protecting all data on an entire desktop, laptop, or removable disk drive. Whole Disk Encryption secures disk contents, including system and temporary files, automatically safeguarding sensitive data from unauthorized access. Whole Disk Encryption provides protection against unauthorized access of private and confidential data.”
In preparation for this blog, I asked one of Anthelio’s security folks to describe encryption for me.
Sean Mulch wrote:
“Encryption is the conversion of information into a form that cannot be understood by unauthorized parties. Its use is as old as communication itself, most frequently used in war. With the rapid expansion in the use of computer technology to store, manipulate and communicate all manner of sensitive data, the importance and use of encryption has found much broader application.
Within the healthcare industry, a recent report indicates that last year the number of records lost in data breaches nearly doubled (up 97%). Perhaps even more staggering is that data breaches stemming from employee loss of unencrypted devices were up 525%!”
I was beginning to wonder if anyone could explain encryption in a way that would be understandable to novices. On the Internet I found it described as “mixing two cans of paint together and then trying to separate them again.” Or, you might say it’s covering every needle of data with a haystack, thus greatly reducing the chances of anyone finding it.
Experts talk about algorithms and prime numbers, but I want readers to understand what encryption feels like so that they won’t be afraid to use it. When I log on to my computer in the morning, a box asks for my encryption password. Sure, it might take an extra few seconds. In this Internet age, we are used to finding out, purchasing, and connecting to anything or anyone we want in a matter of seconds. We have lost the art of patience. [For cool information on tolerance of wait times, read http://managewp.com/page-load-speed ]
So, let’s start a trend. For the sake of the confidentiality of all personal health information, all healthcare providers should encrypt their devices. They should do this whether the government requires it or not. (Under Meaningful Use, Stage 2, it is still not yet required.) Tell your friends to pass it on. Really, it shouldn’t take you any longer than passing on the latest joke, fad, or misinformation to hit the Internet!
Written by Sean Mulch, Senior Information Security Engineer with the Anthelio Healthcare Information Security Group