What exactly is Encryption?
Encryption takes your data, whether written text or PHI, and turns it into unreadable text (ciphertext) using software that implements an encryption algorithm. That text can only be turned back into readable form by someone who holds the corresponding key. This protects your data even in the event of a breach or theft, and leaves the data useless to anyone who obtains or steals it without the key.
The Importance of Encryption
Whether your data is at rest or in transit, you MUST make sure that it is encrypted, so that anyone with ill intent who gets into your network or onto your systems learns nothing from your sensitive data.
There are several elements to encryption. You have your computer’s hard disk. You send and receive emails. You back up to a hosting service. All of these transmissions are at risk of someone intercepting them and making off with your PHI for who knows what purpose. This is why encryption is so, so important. This past year, the 4th highest fine ever was levied for a lack of encryption which led to a massive breach.
So, you may be saying, “How do I stop breaches like this?” The answer is ENCRYPT, ENCRYPT, ENCRYPT!!!
Data at Rest
Protecting data at rest definitely requires some steps to be taken by your IT team. Data at rest is easily defined as the files, which may contain PHI, that reside on your computer. First, they must ensure that you are encrypting at the highest level possible, 126k. Second, you need a program to handle the encryption. On Windows 10 Professional this is simple: turn on BitLocker and it will encrypt the drive for you. Also, you need to protect the workstation in a rather obvious fashion – have a unique login to your workstation that only you know. While that last one is not exactly encryption, it is a necessary component of your Technical Safeguards.
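To make concrete what the definition of encryption above and the data-at-rest advice mean in practice, here is an added example in Go. It is not code from the original article and it is not how BitLocker works internally; it encrypts a constructed PHI record with AES-256-GCM, decrypts it with the right key, and shows that a wrong key or a single flipped byte of the stored blob is rejected. The record text, the in-memory key handling and the function names are all assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// SampleRecord is a constructed stand-in for a PHI file sitting on disk.
const SampleRecord = "Patient: Jane Doe; DOB: 1980-01-01; Dx: hypertension"

// NewKey returns a fresh random 256-bit key for AES-256. In a real system
// the key lives in a key manager or TPM, never next to the data it protects.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext with AES-256-GCM and returns nonce || ciphertext || tag,
// so everything a legitimate reader needs (except the key) is stored with the data.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under one key
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. It fails with the wrong key and also fails if any
// byte of the stored blob was altered, because GCM authenticates the ciphertext.
func Decrypt(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, ciphertext := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, nil)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	blob, err := Encrypt(key, []byte(SampleRecord))
	if err != nil {
		panic(err)
	}
	fmt.Printf("what a thief sees on disk (%d bytes): %x\n", len(blob), blob)

	pt, err := Decrypt(key, blob)
	fmt.Printf("with the right key: %q (err=%v)\n", pt, err)

	wrongKey, _ := NewKey()
	_, err = Decrypt(wrongKey, blob)
	fmt.Println("with the wrong key:", err)

	blob[len(blob)-1] ^= 0x01 // flip one bit of the stored blob
	_, err = Decrypt(key, blob)
	fmt.Println("after tampering:", err)
}
```

The key is generated in memory purely for the demonstration; that is the one thing a real deployment must do differently. The key has to be kept apart from the data it protects (a TPM, a key manager, or for BitLocker a recovery key stored off the machine), because an attacker who obtains the disk and the key together obtains the plaintext.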
Data in Motion
Protecting data in motion is equally important to protecting data at rest. Data in motion is when you are transmitting files which may contain PHI off of your computer in order to send or share them with another individual or entity. This may include data backup, emailing a patient, or internal correspondence. Whenever data is in motion it is at risk, and this risk needs mitigation. How? Why, encryption, of course. If what you send out is indecipherable until it reaches its ultimate destination, how will the person intercepting it make any use of it? This is why it is so crucial to have encryption, since no one but the intended recipient should ever be made aware of that correspondence’s contents.
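The "indecipherable until it reaches its destination" point above is what transport encryption such as TLS provides. The following is an added Go example, not code from the original article: a client and a server talk over an in-process pipe wrapped in TLS 1.3, a tap records every byte that crosses the wire, and the result shows that the server received the message while the wire itself carries no readable PHI. The host name phi.example, the self-signed certificate and the message text are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"sync"
	"time"
)

// Message is a constructed stand-in for PHI being sent to another party.
const Message = "Patient Jane Doe: lab results attached"

// tap wraps the server end of the connection and records every byte that
// crosses it in either direction: exactly the view an eavesdropper would have.
type tap struct {
	net.Conn
	mu  sync.Mutex
	log []byte
}

func (t *tap) record(p []byte)             { t.mu.Lock(); t.log = append(t.log, p...); t.mu.Unlock() }
func (t *tap) Read(p []byte) (int, error)  { n, err := t.Conn.Read(p); t.record(p[:n]); return n, err }
func (t *tap) Write(p []byte) (int, error) { n, err := t.Conn.Write(p); t.record(p[:n]); return n, err }
func (t *tap) Bytes() []byte               { t.mu.Lock(); defer t.mu.Unlock(); return append([]byte(nil), t.log...) }

// selfSignedCert issues a throwaway certificate for the constructed host name
// "phi.example"; a real service would present a certificate from a trusted CA.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "phi.example"},
		DNSNames:     []string{"phi.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // DER we just produced always parses
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, pool, nil
}

// SendOverTLS carries msg from a client to a server over an in-process pipe
// protected by TLS 1.3. It returns what the server received and the raw bytes
// that crossed the wire, so the two can be compared.
func SendOverTLS(msg string) (string, []byte, error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return "", nil, err
	}
	clientRaw, serverRaw := net.Pipe()
	defer clientRaw.Close()
	defer serverRaw.Close()
	wire := &tap{Conn: serverRaw}
	// net.Pipe has no buffering, so the server must not push session tickets
	// after the handshake that this client would never read.
	server := tls.Server(wire, &tls.Config{
		Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13, SessionTicketsDisabled: true})
	client := tls.Client(clientRaw, &tls.Config{
		RootCAs: pool, ServerName: "phi.example", MinVersion: tls.VersionTLS13})

	var got []byte
	done := make(chan error, 1)
	go func() {
		buf := make([]byte, 4096)
		n, err := server.Read(buf) // the first Read runs the server side of the handshake
		got = buf[:n]
		done <- err
	}()
	if _, err := client.Write([]byte(msg)); err != nil { // Write runs the client handshake
		return "", nil, err
	}
	if err := <-done; err != nil {
		return "", nil, err
	}
	return string(got), wire.Bytes(), nil
}

func main() {
	got, wire, err := SendOverTLS(Message)
	if err != nil {
		panic(err)
	}
	fmt.Printf("server received: %q\n", got)
	fmt.Printf("eavesdropper saw %d bytes; PHI readable: %v; server name readable: %v\n",
		len(wire), bytes.Contains(wire, []byte("Jane")), bytes.Contains(wire, []byte("phi.example")))
}
```

The check is also honest about what TLS does not hide: the server name in the ClientHello crosses in the clear, so an intercepting party can still see which service you are contacting even though the content is unreadable. In production the client trusts a CA-issued certificate rather than a pool holding the server's own self-signed one, and session tickets stay enabled; they are disabled here only because net.Pipe has no buffering.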
Portable devices present an interesting risk because of how common they are in this era. Everyone has a smartphone. Loads of people use tablets for work. Laptops are now seen more frequently than desktops. If you use devices like these to access PHI, you need to make sure that you are protecting them correctly in order to remain compliant. First, make sure that the device locks its screen and is only made available upon entry of a PIN, or make use of your device’s biometric authentication to unlock the screen. Aside from this, ensure that the device is encrypted, so that if you lose it, any PHI cached on the device is rendered indecipherable. You will also want to have anti-virus software and what is called Remote Wipe installed. Remote Wipe again comes back to the loss of a device: if you were to lose your device, Remote Wipe allows you to erase its storage from another location, keeping the information secure.