Finally, Encryption By Default In Healthcare?
We still live in a world of data. For nearly five decades, we have had the tools to properly protect data in all its states, but still, we fail to do so. So why sensitive data is not stored encrypted by default is still a mystery. Overall, it’s basically a carrot-or-stick approach, and when it comes to cybersecurity, the stick often wins over the carrot. While companies like Apple have generally tried to integrate encryption into data storage and processing, many others care little for this or just see the encryption of data as a box to tick.
But this may be coming to an end in health care, where the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) is focused on reforming HIPAA (which is now nearly three decades old). Generally, HIPAA aims to enhance the confidentiality, integrity, and availability (CIA) of electronic protected health information (ePHI), and things have changed significantly in cybersecurity since it was initially defined.
Under this overhaul, any organisation involved in health care will have to implement encryption and multifactor authentication (MFA) for electronic health records [here]: