What is the key to winning financial support from senior executives for an investment in encryption technology? How can encryption be used to mitigate security and privacy risks? And how does encryption fit as a component of an enterprise's risk-management strategy?
This webinar, featuring a security expert who serves as an adviser to federal regulators, will provide in-depth answers to these critical questions. Dixie Baker of SAIC will offer in-depth guidance including:
A clear explanation of the encryption requirements for HIPAA and HITECH Act compliance;
A guide to specific encryption solutions that may be reasonable and cost-effective for mitigating various security and privacy risks;
An analysis of both the real and perceived challenges associated with encryption, and a practical strategy for success.
One important way to protect sensitive information is by implementing controls that enable only authorized individuals and software applications to access the containers of the data representing that information, including servers, files, folders, and networks. But while such access controls can help make sure that unauthorized entities are denied access to containers of data, the only mechanism for effectively protecting the information itself -- even when unauthorized individuals have gained access to the containers -- is encryption.
Encryption technology grew out of the military and intelligence communities that needed a means of electronically sharing secrets in such a way that no one else who happened to intercept the transmission or otherwise gain access to the container of the secret could comprehend the information. So they came up with the notion of scrambling the letters using some secret sequence of steps, known as a "cipher," that they could share directly. Only people who knew the secret sequence could then unscramble the ciphered text.
However, as the availability and capacity of computing power, storage and bandwidth has dramatically increased, and the cost decreased, encryption has migrated into the mainstream. Today, virtually everyone orders products over an encryption-secured Internet link and exchanges e-mail that is encrypted and digitally signed. But, unfortunately, the perception of encryption as slow and expensive has persisted.
In this session, Dixie Baker of SAIC will demystify encryption technology, clarify the HIPAA/HITECH requirements, and describe how to use encryption as part of a comprehensive risk-management strategy. Topics that will be addressed include:
Encryption technology basics: An overview of the types of encryption, implementation options and factors that contribute to the strength of any encryption solution;
Encryption applications: Solutions for protecting files, storage media, web transactions and electronic mail
HIPAA/HITECH encryption requirements: What is actually required for compliance?;
Encryption costs: Financial, performance, and operational costs, as well as measurable benefits.
Cost-benefit analysis: An example of how an organization might measure the return on investment for encryption technology.
Baker became a Senior Partner with Martin, Blanck & Associates in 2012. Since May 2009, Dr. Baker has served as a member of the Health Information Technology (HIT) Standards Committee (HITSC), a Federal Advisory Committee (FACA) created by the American Recovery and Reinvestment Act of 2009 to advise the Office of the National Coordinator for Health Information Technology (ONC). She chairs the HITSC's Privacy and Security Workgroup and the Nationwide Health Information Network (NwHIN) Power Team. She also serves on the HIT Policy Committee's Privacy and Security Tiger Team, which advises the ONC Chief Privacy Officer regarding national policy to protect the security of electronic health information, and the privacy of healthcare consumers.