2: Encryption in a Unified Security Posture

Businesses in healthcare struggle with double standards, highly
complex security infrastructure that is disjointed and redundant.


Lawmakers have a real hard time understanding and the terminology
that is needed to enact laws around technology. A perfect example
is how “encryption” is labeled as something that is “addressable”
vs. “required” under HIPAA. Congress saying that encryption is
not a requirement does a serious disservice to those who need to
make decision for their company.


Encryption is a HIPAA requirement despite what the law says
because there is no circumstance in which ePHI should not be
encrypted. If your business is breached and you didn’t have the
proper security controls such as encryption in place, your
business is open to fines into the millions of dollars as well as
nasty civil suits by those affected by a breach.


But encrypting everything is easier said than done.