Encryption is a common topic that we seem to be addressing quite frequently. Basically speaking, encryption is the method use to change information from a readable format to an unreadable one. Encryption is mostly used to keep information secured from unauthorized persons.
Most electronic devices in today’s day and age have encryption capabilities and sometimes this capability is part of the default setting of these devices. However; do you know which devices have the capability to encrypt and whether the same has been activated?
Let’s consider cybercrime for a moment and how the same relates to encryption. Cybercrime basically consists of an illegal act that uses technology as a tool. For the most part, the currency used by cybercriminals is data.
The data that you handle on a day to day basis, including yours, is valuable. Simple question: will you prefer to have your money in a secured vault in a bank or will you keep it in a bench at a park?
Now, let’s connect the points. If data is currency, shouldn’t we try to protect the same? HIPAA Security recognizes this point and addresses Encryption as one method needed to protect data. As a matter of fact, encryption is addressed in two of the HIPAA Security Standards:
45 CFR § 164.312(a)(2)(iv) Encryption and Decryption
“Implement a mechanism to encrypt and decrypt electronic protected health information.”
45 CFR § 164.312(e)(2)(ii) Encryption
“Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.”
The way I see it, encryption has become part of our lives and those who choose not to embrace it will soon learn that: “mistakes are paid with money”.
Act now and ask your Security Officer about encryption resources and how to use them.