HealthIT Answers March 6, 2021
Industry Expert

By Matt Fisher, General Counsel, Carium

Data breaches grab headlines on a daily basis and arise from a number of different scenarios. However, one question that is not necessarily examined closely (at least in news articles), is whether encryption was in place and why the encryption did not prevent the breach. That rhetorical question does not get into the finding in a number of resolutions through the HHS Office for Civil Rights where lack of appropriately or properly implemented encryption was part of the reason for a penalty.

Some HIPAA Definitions
Before diving into encryption specifically, it is helpful to remember how a breach is defined by HIPAA. Under the breach notification rule (45 CFR 164.402), a breach is:

the...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, HHS, HIPAA, Provider, Technology
Related Articles:
Platform versus Platformization: How CrowdStrike is winning the platform battle
New Cisco Hypershield aims to 'completely reimagine' security in the AI age
The aftermath of Change: Two experts on how healthcare organizations can prevent the next cyberattack
How to prepare for and minimize the impact of cyberattacks
5 Trends That Will Determine The Hospital From The Future - April 2024

Share This Article