A study conducted by Ponemon Institute in 2018, which included almost 6,000 people across various industries and 12 countries, found that health care information was ranked surprisingly low in encryption percentages when compared to other common industry sectors.
Data types that are customarily encrypted on a consistent basis are payment info/financial records, employee and HR info, and intellectual property. Through the study’s data findings, it was revealed that more than 50-percent of respondents routinely encrypted these types of sensitive information while a mere 24-percent said that the health information they gathered was encrypted.
However, while health care data encryption has seemingly been relegated to the back burner for most respondents; encryption as a whole, and especially in the health care industry, has increased over the last several years. Only a small percentage of organizations that were contacted claim to have no form of encryption at all.
Naturally, the type of data being encrypted centers around intellectual property and protecting customer payment information, but this tends to fly in the face of conventional wisdom when such a small percentage of respondents actively encrypt health data. Especially when one stops to consider how valuable personal health data can be to potential identity thieves and cybercriminals.
It may seem logical that health data would be given prime consideration, and, in some ways, it should; but, there were legitimate reasons offered for why this may not always be the case. Knowing what sort of health data needs to be encrypted and what doesn’t isn’t always a black and white decision. These choices are then made even harder when key management is factored in, since most keys for cloud services are notoriously difficult to manage.
At least for right now, encryption implementation is definitely on the rise while companies are weighing the benefits of being protected with the headache that managing encryption entails. Stay up to date with the latest news impacting health care organizations and learn best practices for staying HIPAA compliant with a Risk-Free 7-day trial at HIPAAgps.com.