Health IT: Should HIPAA Require Encryption?
Posted on Friday, February 13, 2015 11:04 AM
According to the Associated Press, federal officials are planning on reviewing whether HIPAA should require encryption. The Senate Health, Education, Labor and Pensions committee said it will take up the matter as part of a bipartisan review of health information security. Recently, information on up to 80 million consumers, including names, birth dates, addresses, email addresses, employment information and Social Security/member identification numbers, were compromised in the attack on Anthem. According to sources, Anthem’s information was not encrypted. However, Anthem has stated that the hacker also had a system administrator’s ID and password, “which would have made encryption a moot point.” Security experts have said that a stolen credential by itself should not be key to the whole data kingdom and information should always be encrypted wherever it resides.
to read more.