X hits on this document

PDF document

Safeguarding Health Information: Building Assurance through HIPAA Security - page 13 / 29

62 views

0 shares

0 downloads

0 comments

13 / 29

Is Encryption Alone Enough Protection?

  • Encryption vulnerabilities

    • May not be activated, eg due to performance concerns

    • Weak choice of passwords

    • Same old password used

    • Poor key management, writing down passwords

    • Users may not logout, or may

put mobile device on standby where pre-boot authentication is not required

    • Key loggers

    • Is it used pervasively at all points where PHI is at rest, in transit?

  • Multi-layered approach

    • Administrative and physical controls in addition to technical controls

  • Defense-in-depth approach

    • Combining encryption with other technical security controls, eg anti-theft technology for higher level of assurance PHI is secure

13

Document info
Document views62
Page views63
Page last viewedSat Dec 03 07:50:15 UTC 2016
Pages29
Paragraphs513
Words2482

Comments