October 16, 2015

Episode 23: If it moves - encrypt it.

Listen Later

35 minutes

Description

We explained the concepts of encryption in Episode 2: Let’s Talk Encryption but people continue to ask more about what they really need to do with encryption.

Links

FindHealthcareIT

HIPAAforMSPS.com

Kardon Compliance

Episode 2: Let’s Talk Encryption

The government and privacy advocates can’t agree on what ‘strong’ encryption even means

Notes

First, what can encryption do for you and what it can't do for you.

VPN, HTTPS, SSL, SFTP, etc. Protect communications from prying eyes.

Everything else is about encrypting data on the devices themselves.

If you encrypt data on a device but you are hacked when you are logged into the device, encryption isn't too helpful. Encryption is helpful when someone tries to access the data on the device without your key (or password).

Strong Encryption is also subjective - there is no solid authority on what is really strong encryption because law enforcement wants a back door.

What does HIPAA say about encryption? Encryption (Addressable). Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.

Not very helpful.......

What does OCR say about it? At NIST / OCR HIPAA 2015 conference: If it moves it should be encrypted.

Now that's a line that can be drawn.

Encryption of your files stored in the cloud (certainly something that moves)

File encryption by an app on the computer over specific files like 7Zip

Windows built in encryption - Bitlocker, EFS

NAS and Flash drives with built-in encryption

Encryption on your phone built-in

Cloud based encryption management - MDM - Alertboot, MaaS360, Manage Engine https://www.manageengine.com/mobile-device-management/

Create an encryption plan:

Includes all devices - laptops, phones, external drives, etc.

Specs required like AES 128 or FIPS should be written down

Methods used for implementation on all types of devices

Encryption key management plan

Audits and verification plans

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Help Me With HIPAA

By Donna Grindle and David Sims

4.9

6161 ratings

October 16, 2015

Episode 23: If it moves - encrypt it.

Listen Later

35 minutes

Description

We explained the concepts of encryption in Episode 2: Let’s Talk Encryption but people continue to ask more about what they really need to do with encryption.

Links

FindHealthcareIT

HIPAAforMSPS.com

Kardon Compliance

Episode 2: Let’s Talk Encryption

The government and privacy advocates can’t agree on what ‘strong’ encryption even means

Notes

First, what can encryption do for you and what it can't do for you.

VPN, HTTPS, SSL, SFTP, etc. Protect communications from prying eyes.

Everything else is about encrypting data on the devices themselves.

If you encrypt data on a device but you are hacked when you are logged into the device, encryption isn't too helpful. Encryption is helpful when someone tries to access the data on the device without your key (or password).

Strong Encryption is also subjective - there is no solid authority on what is really strong encryption because law enforcement wants a back door.

What does HIPAA say about encryption? Encryption (Addressable). Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.

Not very helpful.......

What does OCR say about it? At NIST / OCR HIPAA 2015 conference: If it moves it should be encrypted.

Now that's a line that can be drawn.

Encryption of your files stored in the cloud (certainly something that moves)

File encryption by an app on the computer over specific files like 7Zip

Windows built in encryption - Bitlocker, EFS

NAS and Flash drives with built-in encryption

Encryption on your phone built-in

Cloud based encryption management - MDM - Alertboot, MaaS360, Manage Engine https://www.manageengine.com/mobile-device-management/

Create an encryption plan:

Includes all devices - laptops, phones, external drives, etc.

Specs required like AES 128 or FIPS should be written down

Methods used for implementation on all types of devices

Encryption key management plan

Audits and verification plans

...more

More shows like Help Me With HIPAA

This Week in Tech (Audio) by TWiT

This Week in Tech (Audio)

3,014 Listeners

The Ramsey Show by Ramsey Network

The Ramsey Show

38,704 Listeners

Wait Wait... Don't Tell Me! by NPR

Wait Wait... Don't Tell Me!

38,649 Listeners

Radiolab by WNYC Studios

Radiolab

43,909 Listeners

The Joe Rogan Experience by Joe Rogan

The Joe Rogan Experience

225,807 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,006 Listeners

Juicy Scoop with Heather McDonald by Heather McDonald & Studio71

Juicy Scoop with Heather McDonald

25,558 Listeners

The Jordan B. Peterson Podcast by Dr. Jordan B. Peterson

The Jordan B. Peterson Podcast

34,045 Listeners

This Past Weekend w/ Theo Von by Theo Von

This Past Weekend w/ Theo Von

27,214 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,871 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

187 Listeners

All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

All-In with Chamath, Jason, Sacks & Friedberg

9,095 Listeners

The MeidasTouch Podcast by MeidasTouch Network

The MeidasTouch Podcast

44,368 Listeners

SmartLess by Jason Bateman, Sean Hayes, Will Arnett

SmartLess

57,908 Listeners

The Dr. John Delony Show by Ramsey Network

The Dr. John Delony Show

7,093 Listeners