In today’s world, we rely on computer technology whether in fixed locations, like a workstation desktop computer, or when using mobile devices such as laptops, tablets, smartphones, or other personal digital assistants (PDAs). All require protections if they are used to store or transmit confidential information.
The difference between passwords and encryption can be confusing to the average computer user, and that confusion may delay implementation of available security solutions until a “breach” occurs or awareness of security protections improves. Simple security solutions include:
Passwords: Passwords should be used on all devices containing confidential information to prevent unauthorized access. Strong passwords – those that cannot be easily guessed or easily broken by a brute force attack – are recommended. Brute force attacks use automated methods that try thousands of password or passphrase guesses in seconds until one is correct. Strong passwords are somewhat random, yet can be remembered. Avoid using the same password for multiple user accounts and websites. Password manager programs are available to help manage them. Best practice and compliance with HIPAA suggest passwords should be changed every 60 days.
Encryption: Encryption is used to protect the confidentiality of digital data stored on computer systems or transmitted via computer networks or the Internet. Encryption translates data into a secret code. Passwords are used for some forms of encryption, but a password doesn’t necessarily result in encryption. A password can prevent unauthorized use of your computer, but if the computer is not encrypted, the disk drive can still be accessed and read by unauthorized persons. Portable storage devices like external hard drives and USB thumb drives should be encrypted. Encryption programs may be purchased from IT vendors and may be available on newer versions of computer operating systems. Standard email is not encrypted and should not be used for communicating protected patient information. Patient portals that use encryption are a secure alternative. Be aware that digital copiers contain hard drives, which should be encrypted or properly erased before disposal.
Policy development and implementation of proactive solutions to avoid a security breach are encouraged in all medical practices.
For additional details, also see:
Cyber Risk: Why You Are a Target and How to Avoid Being the Next Victim
Can Data Encryption Make You Safe?
Submitted by Jackie Gellis, MHA, RN
CAP Senior Risk Management and Patient Safety Specialist
If you have questions about this article, please contact us. This information should not be considered legal advice applicable to a specific situation. Legal guidance for individual matters should be obtained from a retained attorney.