Make sure you’re encrypting patient information to avoid the ‘wall of shame’
e-Reports, Oct. 21, 2013

The federal government takes encryption seriously – so seriously that officials will now publish the name of your practice if you suffer a breach of unsecured protected health information affecting 500 individuals or more. Find the federal breach list, which some are now calling the “wall of shame,” here.

What is encryption?
Encryption is a method of converting an original message of regular text into encoded text. The text is encrypted by means of an algorithm (type of formula). If information is encrypted, there would be a low probability that anyone other than the receiving party who has the key to the code or access to another confidential process would be able to decrypt (translate) the text and convert it into plain, comprehensible text.

For a guide and recommendations, see here.

Source: U.S. Department of Health and Human Services

Surprisingly, the Healthcare Information and Management Systems Society reported 36 percent of providers in 2012 – including physician medical groups – were not yet encrypting their patient data.

“It is sad but true,” said Scott M Richards, project manager, Technology Assessment with Purdue Healthcare Advisors. “In my assessments around the state, I find that only about 20 percent of the laptops I look at are encrypted. Most think they are encrypted, but people are confused. They think the Windows password on the laptop means it’s encrypted.”

The Ponemon Institute published a report indicating more than 12,000 laptops are lost at U.S. airports every week. Approximately 40 percent of those laptops are left at security checkpoints; another 23 percent are left at the boarding gate.

“If any of those computers are not encrypted, they are open to identity theft, having personal photos going up on the web – and much more,” Richards said. Such violations of the Privacy Rule under the Health Insurance Portability and Accountability Act can result in costly fines and penalties – in addition to shame.

Some options for you
Richards advised that BitLocker Drive Encryption is a full-disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems. You can use BitLocker to encrypt individual partitions, entire drives and even USB flash drives. It uses the AES encryption algorithm and takes advantage of the Trusted Platform Module (TPM) found in many of today’s laptops.

The doctor on a budget should check out TrueCrypt, suggested Richards. It is free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X and Linux. More information about TrueCrypt can be found here.

If you have questions about encryption, Richards welcomes calls from ISMA members and staff. Contact him at (765) 494-9454 or (765) 430-9577 or email him.

Copyright: Information written and displayed on www.ismanet.org is the property of ISMA and may not be reproduced without expressed written permission of the Indiana State Medical Association.
