http://healthitsecurity.com/2014/03/17/healthcare-data-encryption-trends-and-methods/
By Patrick Ouellette
Health IT Security
March 17, 2014
There are varying responses from healthcare organizations and security
experts when the question of why an organization would not encrypt its
data is posed. For some, it's a numbers game and their budget simply can't
fit encryption technology. Others philosophically are opposed because they
believe, to a degree, it degrades the data. However, there may be a more
fundamental reason for a lack of encryption for some organizations: the
belief that their "four walls" are enough to protect patient data.
Michael Leonard, Director of Product Management for Healthcare IT at Iron
Mountain, told HealthITSecurity.com that many organizations don't encrypt
their data for that reason.
What encryption trends are you seeing on-site v. off-site within
healthcare organizations?
Leonard: We see in many organizations a lot of the content is still not
encrypted, especially if it's being stored onsite, and that has been, I
think, historically because it's within their four walls there's less
concern, right or wrong, but there's less concern that it should be
encrypted if it's in-house, so to speak. I don't see anybody, at least
that we've talked to, moving content out into the cloud or out to a
managed service provider unless it is encrypted, and that's clearly a best
practice. Also, many of the existing clinical applications don't really
have a native way of encrypting content, so it's like extra work for the
organization to encrypt much of that clinical information. So, we see
quite a bit of the content that's stored within the four walls of an
organization as unencrypted.
[...]
--
Find the best IT Security talent without breaking your recruiting budget.
Jobs cross-posted to Simply Hired, Facebook and LinkedIn.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/
