Making the change to remote work? We're happy to help you stay connected Learn more >

Making the change to remote work?
We're happy to help you stay connected

Learn more
Describing our services, Security, Security and Compliance

Encryption — It’s more than just a cipher

In our third issue of our blog series on HIPAA compliance, we look deeper into the level of encryption security required by HIPAA. You can read the second installment about the OCR’s Phase 2 audit program and it’s implications for cloud services users here and our first installment about the importance of risk management to ensure compliance here.

 

A couple of years ago when we were interviewing clients about security features, we realized that encryption technology had very low awareness. Many people didn’t really know what it was or how it worked. How the world has changed!

Encryption is making news

There has been a huge focus on the value and tradeoffs of using strong encryption. Just think about all the debate and media attention around Apple’s iPhone encryption and FBI requests for access to encrypted data.

Now, we’ve seen the first (to my knowledge) accusations and charges by the FTC about misleading encryptions claims by a software provider.

HIPAA compliance and “industry standard” encryption

Earlier this year, a dental software provider was fined for falsely advertising their level of encryption as “industry-standard” to protect patient data as required by HIPAA.

The FTC investigation alleged that the encryption was not, in fact, “industry-standard” Advanced Encryption Standard (AES), in accordance with the National Institute of Standards and Technology (NIST) recommendations for HIPAA. And that resulted in the vendor settling the case for $250,000.

Is your encryption “industry standard”?

This case illustrates that the government puts the onus on vendors to implement “strong” encryption using the industry standard. And it also stresses that the healthcare organizations that are buying encryption service need to look beyond simplistic marketing claims about encryption and verify that AES is being used.

Make sure your encryption is strong

Now that you know what to look for, make sure your encryption solution meets the strong standard that NIST recommends. Don’t fail your next HIPAA audit because your encryption isn’t good enough!

If you’re in the market for HIPAA compliant cloud IT services, you might consider Intermedia. We have put together a comprehensive package of IT services with powerful security and reliability baked right in. If you have any questions, feel free to call our experts at 800-379-7729.

About Craig Woods

Craig Woods is the Director of Product Marketing at Intermedia.

Recent Posts
View post: 5 Reasons to Move Your On-premises Exchange to the Cloud
Email Archiving, Email Continuity, Encrypted Email, Exchange Email, On-premises environments, Productivity and Email, Security and Compliance, The Business Cloud
Posted on March 28, 2023

5 Reasons to Move Your On-premises Exchange to the Cloud
View post: 8 Security Questions To Ask Secure Email Providers
Security
Posted on February 27, 2023

8 Security Questions To Ask Secure Email Providers
View post: The 1-2-3 Guide to White Label Cloud Services
Describing our services, Partner Program, Services
Posted on January 5, 2023

The 1-2-3 Guide to White Label Cloud Services
Trending Topics
Top Picks

Intermedia news

ZDNet finds Intermedia's file backup & sharing solution one of the most innovative tools for keeping businesses secure

Cloud best practices, On-premises environments, The Cloud, Voice: Cloud PBX

VoIP Game Changer: 5 must-haves for seamless adoption

Describing our services, Email Archiving, Exchange Email, News and announcements, On-premises environments, Security

Meet the New Standard for Business Email

Subscribe to our Blog via Email

Recommended articles
View post: New email encryption templates make it easier to protect sensitive information
Compliance, News and announcements, Security, Security and Compliance, Usage tips

New email encryption templates make it easier to protect sensitive information

Posted on February 2, 2016

Now healthcare, financial services and legal services customers can more easily encrypt sensitive data Regulations such as HIPAA, GLBA and TILA-RESPA identify specific types of information […]

View post: Introducing Advanced Email Security
Describing our services, News and announcements, Security, Security and Compliance

Introducing Advanced Email Security

Posted on April 27, 2016

Earlier this year, Intel® Security announced end of life for a large number of McAfee® SaaS security services, including email protection and continuity services sold by Intermedia within […]

View post: Your hidden exposure in managing risk for HIPAA compliance
Backup & File Sharing, Compliance, SecuriSync Backup and File Sharing, Security

Your hidden exposure in managing risk for HIPAA compliance

Posted on September 23, 2016

In our fourth issue of our blog series on HIPAA compliance, we look at the major risk you might not consider when addressing HIPAA compliance. You can read the third installment […]

Search for the insights you need

Try these topics: