Encryption's Role in Breach Prevention

An Updated Risk Analysis Will Lead to Broader Encryption Use
One reason why encryption is not more broadly used in healthcare is that so many organizations lack an updated risk assessment that identifies the role the technology can play in preventing breaches, says attorney Amy Leopard.

As a result, the HITECH Act's electronic health record incentive program could prove to be a powerful encryption catalyst, the regulatory compliance expert says. That's because those applying for incentive payments must conduct an updated risk assessment and take action to remediate any risks identified.

"Many organizations are going to find once they go through a risk analysis that encryption is a good security solution for them," she says.

In an interview, Leopard also:

  • Stresses that a key to winning the support of senior executives for widespread use of encryption is to portray the investment as critical to preventing breaches and avoiding reputational harm. She advises security professionals to describe an encryption investment as "something we need to be doing to stay off the front page of the newspaper."
  • Discusses the breach-prevention value of encrypting data on mobile devices as well as using secure e-mail and virtual private networks;
  • Describes how to work with business associates to make sure they're applying encryption to protect patient information.

Leopard is a partner at Bradley Arant Boult Cummings, based in the firm's Nashville office. A former hospital executive, she advises clients on a variety of strategic issues. She has more than 25 years of healthcare experience, including serving as vice president at academic medical center and community hospital settings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.