Data needs to be encrypted at every stage, whether it's in use, in motion (i.e., actively moving across the internet or through a private network) or at rest (i.e., stored or archived on a stored on a static medium like a hard drive, laptop or flash drive). In-transit data is often encrypted before it's moved or moved over an encrypted connection like HTTPS or SSL, Digital Guardian says; to protect at-rest data, sensitive files can be encrypted before storage, or the entire drive can be encrypted.
Encryption is the first step to protecting patient data, but encryption also needs a framework around it to form a layered security perimeter. That framework should include:
- Security awareness training. Because not all data is going to be encrypted, employees should know the steps on how and why data security is a priority.
- Regular risk assessments. Employees need to be able to identify any lapse in data protection or if data encryption is faulty.
- Restricted access to data. Only the people who need a particular piece of data should be able to access it. The more people who have access, the greater the risk of compromise. Encryption can't protect data that's accessed legitimately, so the fewer with access, the better.
Data encryption is critical to keeping patients safe and healthy. Medical facilities need to deploy a comprehensive mix of security solutions to ensure that patients' data remains secure. Encryption might not be a be-all, end-all solution, but it helps ensure that data is kept safe and that patient privacy remains uncompromised.
Discover how Verizon's security solutions can help protected health information stay protected.