It’s taken a while for health care to finally get on board with encryption, but encryption has basically become the standard for health care. That includes encrypting devices like laptops and servers, and also encrypting health care data that’s being sent across the internet. I’ve sometimes called encryption the “get out of jail free” card when your laptop or other device is stolen. If it’s encrypted, then it’s likely not a HIPAA violation. If it’s not encrypted, then you’re likely heading to the HHS wall of shame. Of course, there’s a lot more to HIPAA compliance than just encryption, but it’s a good start.
While health care has come a long way with encryption, we could still improve. This great Evolution of Encryption infographic from DataMotion illustrates how far encryption has come, but also how health care needs to continue to evolve its approach to encryption. Looking at the infographic, most of health care is in the 1990s-2000s, with a few still using 1991 technology. I don’t know many that have ubiquitous encryption (2015), but that’s where we’re headed.
What’s your organization’s approach to encryption? Where do you fall in this evolution? Where do your vendors fall on the scale?