Experts highlight encryption for protecting health data
Health organizations have rushed to adopt new technology in efforts to increase efficiency and promote collaboration between doctors. This push has led to the proliferation of electronic health records, which allow medical professionals a greater level of access to critical information. Electronic records also serve as a tool for patient empowerment by allowing people to view their own records on demand.
Rapid technology adoption in the health industry comes with challenges, Brien Posey, a Microsoft Most Valuable Professional and former Fort Knox IT security expert, noted in a recent TechTarget article. The incorporation of bring-your-own-device frameworks in the health industry means that patient data may be spread throughout the IT environment. Posey stressed that health organizations must enforce stronger encryption practices as they adopt mobile devices.
Some improvement can be made in protecting stored data simply by creating a better understanding of device limitations. For example, Android supports hardware-level encryption for its Honeycomb- and Ice-Cream-Sandwich-based devices. Data stored on other versions would require an alternative means of protection.
While protecting information at rest is one component of an effective strategy, data must also be guarded as it transitions in and out of the cloud and between devices. For this reason, Posey said, it is critical for network traffic to be encrypted as well.
"One of the big factors is the wireless access point itself," Posey wrote. "As a general rule, older or low-end wireless access points tend to be less efficient than the newer access points. Some access points offload the encryption process to a dedicated chip. As such, organizations with aging wireless access points might experience better performance by upgrading to a newer model."
Healthcare organizations will likely need to place greater emphasis on securing mobile environments as BYOD adoption increases. In interviewing several health IT experts, eWeek recently suggested that there will be significantly more personal devices coming to health industry work places in 2013. Despite the potential security risks, Dennis Schmuland, chief health strategy officer for U.S. Health and Life Sciences at Microsoft, predicted that hospitals will improve their practices and better protect sensitive information.
Get your SSL certificate today to start protecting sensitive data in transit.