X hits on this document

PDF document

Safeguarding Health Information: Building Assurance through HIPAA Security - page 13 / 29

89 views

0 shares

0 downloads

0 comments

13 / 29

Is Encryption Alone Enough Protection?

  • Encryption vulnerabilities

    • May not be activated, eg due to performance concerns

    • Weak choice of passwords

    • Same old password used

    • Poor key management, writing down passwords

    • Users may not logout, or may

put mobile device on standby where pre-boot authentication is not required

    • Key loggers

    • Is it used pervasively at all points where PHI is at rest, in transit?

  • Multi-layered approach

    • Administrative and physical controls in addition to technical controls

  • Defense-in-depth approach

    • Combining encryption with other technical security controls, eg anti-theft technology for higher level of assurance PHI is secure

13

Document info
Document views89
Page views90
Page last viewedTue Jan 17 19:59:10 UTC 2017
Pages29
Paragraphs513
Words2482

Comments