
Encryption: What Are You Waiting For?


by Donna Koger, 1.26.17

No, seriously, what is keeping you from complete HIPAA compliance? Are you afraid it will cost too much and take up too much of your time? Do you know it’s not that difficult to be fully compliant - and it is very important for your survival as a business?

Data Encryption for HIPAA Compliance

We have posted several articles about HIPAA compliance and how to get there, but do you know how it affects your bottom line? Consider, for example, encryption of hard drives (computers and laptops), portable drives (flash drives or other mobile technology) and email. All of these are subject to improper use and hacking that can cost your entire business enough to shut you down. Yes, there is some fear, but many of the solutions are not too difficult to carry out.

According to DataMotion, the average cost of resolving a data breach has reached nearly $4 million . . . encryption provides additional gains often overlooked.

When your equipment and email are encrypted, it sends a message to others that you are serious about your business and about protecting the privacy and security of your clients’ information. It can also rank you higher in the marketplace for having up-to-date technology. Encrypted email can strengthen your relationships and reputation and, of course, it protects you from awful, expensive audits.

So how do you encrypt your drives? What kinds of problems can it create?

Encrypting Drives

There are some free applications or you can purchase and download the software that will perform encryption for you:
1. CompuSec
2. VeraCrypt (previously TrueCrypt)
3. Safehouse Explorer

Alternatively, you can have your tech support person install the required Windows version (Windows 7 or 10 PRO) on each computer and utilize the included encryption software. Some newer computers have a “chip” on the motherboard that stores the encryption key. Since most don’t yet have the chip, you will need to use an external drive (flash drive) to encrypt your hard drive (computer or laptop).

You should be able to add the encryption key to a mobile drive that, when removed, protects the computer from use. There should also be a second backup mobile drive that has a copy of the encryption key. When devices are not in use, the mobile drive with the encryption key can be removed to protect your data from anyone who should not view private files.

When a drive is encrypted on a computer or laptop and the encryption key is installed, users can work on the computer, even if the device goes to sleep. The drive encryption is mainly to prevent access to files if the hardware is lost or stolen. However, all devices should be set to automatic logoff when the computer is not in use. There should always be a username/password to access the device.

What are the Problems?

• On some devices, such as computers or laptops, there will be a slowdown - but it is negligible on most.
• There could be problems recovering files if the hard drive fails; however, a competent tech support person should be able to get around this problem.
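
To check how a Windows computer measures up against the points above (whether the drive is encrypted, where the key lives, and whether a recovery path exists if the key drive or hardware fails), the following PowerShell audit is an added example and not part of the original article. It assumes the Windows built-in encryption referred to above is BitLocker and that the "chip" is a TPM; the function name Get-DriveEncryptionAudit is hypothetical.

```powershell
# Added example, not from the original article.
# Run in an elevated PowerShell session on a Windows edition that includes BitLocker.
function Get-DriveEncryptionAudit {
    # Get-Tpm reports whether the motherboard "chip" (TPM) is present and usable.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $tpmReady = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

    foreach ($vol in Get-BitLockerVolume) {
        # Key protector types on this volume, e.g. Tpm, ExternalKey, RecoveryPassword.
        $types = @($vol.KeyProtector | Where-Object { $_ } |
            ForEach-Object { "$($_.KeyProtectorType)" })
        $findings = @()

        if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "not fully encrypted (status: $($vol.VolumeStatus))"
        }
        if ("$($vol.ProtectionStatus)" -ne 'On') {
            $findings += 'protection is off or suspended, so the data is readable without the key'
        }
        if ($types -notcontains 'RecoveryPassword') {
            # Relates to the recovery problem above: without a recovery protector,
            # a lost key drive or replaced motherboard leaves the data unrecoverable.
            $findings += 'no recovery password protector'
        }
        if ($types -contains 'ExternalKey' -and -not $tpmReady) {
            # The USB startup-key setup described above for machines without the chip.
            $findings += 'unlocks from a USB key file: remove it when unattended, keep a second copy'
        }

        [pscustomobject]@{
            Drive      = $vol.MountPoint
            VolumeType = $vol.VolumeType
            Method     = $vol.EncryptionMethod
            Protectors = $types -join ', '
            TpmReady   = $tpmReady
            Findings   = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

# One record per volume; a Findings value of 'none' means all four checks passed.
Get-DriveEncryptionAudit | Format-List
```

The script only reads state and changes nothing, so it can be run on every workstation and laptop and the output kept as evidence for a compliance review.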

Encrypting Email

The only way to send encrypted email is to use one of the email services that are HIPAA compliant, such as EmailPros, Mailfence or ProtonMail (free). [the listed services are not necessarily endorsed by SMIS]

Remember, however, that the emails you receive are not HIPAA compliant unless the sender also has encrypted email. Your encrypted email will show you are HIPAA compliant on your end, which is acceptable.

As always, contact us for further questions or information regarding encryption for HIPAA compliance, and see our HIPAA Resource Center for more complimentary compliance information.

Sources Include

http://www.techsupportalert.com/best-free-drive-encryption-utility.htm#Quick_Selection_Guide
https://www.datamotion.com/


Donna Koger is currently the HIPAA Compliance Officer and materials developer for software training and support at Smoky Mountain Information Systems, home of PIMSY EHR. Ms. Koger is also a regular contributor to the PIMSY EHR Blog.
