HealthIT Answers March 6, 2021
By Matt Fisher, General Counsel, Carium
Data breaches grab headlines on a daily basis and arise from a number of different scenarios. However, one question that is not necessarily examined closely (at least in news articles) is whether encryption was in place and why the encryption did not prevent the breach. That rhetorical question does not even get into the findings in a number of resolutions reached through the HHS Office for Civil Rights, where a lack of appropriately or properly implemented encryption was part of the reason for a penalty.
Some HIPAA Definitions
Before diving into encryption specifically, it is helpful to remember how a breach is defined by HIPAA. Under the breach notification rule (45 CFR 164.402), a breach is:
the...