By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData Collective
  • Analytics
    AnalyticsShow More
    data science anayst
    Growing Demand for Data Science & Data Analyst Roles
    6 Min Read
    predictive analytics in dropshipping
    Predictive Analytics Helps New Dropshipping Businesses Thrive
    12 Min Read
    data-driven approach in healthcare
    The Importance of Data-Driven Approaches to Improving Healthcare in Rural Areas
    6 Min Read
    analytics for tax compliance
    Analytics Changes the Calculus of Business Tax Compliance
    8 Min Read
    big data analytics in gaming
    The Role of Big Data Analytics in Gaming
    10 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: Encrypting Backup Data for HIPAA and PCI Compliance
Share
Notification Show More
Latest News
SMEs Use AI-Driven Financial Software for Greater Efficiency
Artificial Intelligence
data security in big data age
6 Reasons to Boost Data Security Plan in the Age of Big Data
Big Data
data science anayst
Growing Demand for Data Science & Data Analyst Roles
Data Science
ai software development
Key Strategies to Develop AI Software Cost-Effectively
Artificial Intelligence
ai in omnichannel marketing
AI is Driving Huge Changes in Omnichannel Marketing
Artificial Intelligence
Aa
SmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Data Management > Policy and Governance > Encrypting Backup Data for HIPAA and PCI Compliance
AnalyticsData ManagementITPolicy and GovernancePrivacySoftware

Encrypting Backup Data for HIPAA and PCI Compliance

onlinetech
Last updated: 2013/07/26 at 8:00 AM
onlinetech
6 Min Read
SHARE

Stored data is a top target by hackers, especially the type of data that can be used for fraud and medical identity theft – within the healthcare industry in particular, encrypting stored data to meet HIPAA compliance is one way to avoid the HIPAA Breach Notification Rule and keep data secure.

Stored data is a top target by hackers, especially the type of data that can be used for fraud and medical identity theft – within the healthcare industry in particular, encrypting stored data to meet HIPAA compliance is one way to avoid the HIPAA Breach Notification Rule and keep data secure.

Disaster Recovery White PaperData that is stored in archives as backups is subject to corporate compliance data laws and regulations. The following is an excerpt from our Disaster Recovery white paper now available for download, a great resource for compliance and security-conscious organizations that want to learn more about creating a compliant business continuity and disaster recovery plan:

5.5.1. Encryption
What is encryption? Encryption takes plaintext (your data) and encodes it into unreadable, scrambled text using algorithms that render it unreadable unless a cryptographic key is used to convert it. Encryption ensures data security and integrity even if accessed by an unauthorized user.

More Read

data encryption importance

Encryption Importance in the Age of Data Breaches

Why You Must Leverage Encryption for Data Protection in the Digital Transformation Era
Contrasting the Different Data Encryption Techniques for Optimal Security
Should the Entire Internet Be Encrypted?
CEOs Discuss Encryption for Healthcare [VIDEO]

According to NIST (National Institute of Science and Technology), encryption is most effective when applied to both the primary data storage device and on backup media going to an offsite location in the event that data is lost or stolen on its way or at the site, meaning data in transit and at rest. NIST also recommends keeping a solid cryptographic key management process in order to allow encrypted data to be read and available as needed (decryption).

According to data security expert Chris Heuman, Certified Information Systems Security Professional (CISSP), performing a disaster recovery test of encrypted data should be an important part of your business continuity strategy. Forcing recovery from an encrypted backup source and forcing a recovery of the encryption key to the recovery device allows organizations to find out if encryption is effective before a real disaster or breach occurs.

Encryption for HIPAA and PCI Compliance
Encryption is considered a best practice for data security and is recommended for organizations with sensitive data, such as healthcare or credit card data. It is highly recommended for the healthcare industry that must report to the federal agency, Dept. of Health and Human Services (HHS), if unencrypted data is exposed, lost stolen or misused.

The federally mandated HIPAA Security Rule for healthcare organizations handling electronic protected health information (ePHI) dictates that organizations must:

In accordance with §164.306… Implement a mechanism to encrypt and decrypt electronic protected health information. (45 CFR § 164.312(a)(2)(iv))

HIPAA also mandates that organizations must:

§164.306(e)(2)(ii): Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate. Protecting ePHI at rest and in transit means encrypting not only data collected or processed, but also data stored or archived as backups.

HIPAA Compliant Hosting White PaperKeeping data stored in a HIPAA compliant data center with an audited HIPAA hosting provider monitoring and maintaining the facility can help prevent data breaches targeted at stored/archived data. Read our HIPAA Compliant Hosting white paper as it explores the impact of HITECH and HIPAA on data centers. It includes a description of a HIPAA compliant data center IT architecture, contractual requirements, benefits and risks of data center outsourcing, and vendor selection criteria.

For organizations that deal with credit cardholder data, they must adhere to PCI DSS standards that require encryption only if cardholder data is stored. PCI explicitly states:

3.4 Render PAN (Primary Account Number) unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches:

  • One-way hashes based on strong cryptography (hash must be of the entire PAN)
  • Truncation (hashing cannot be used to replace the truncated segment of PAN)
  • Index tokens and pads (pads must be securely stored)
  • Strong cryptography with associated key-management processes and procedures

3.4.1.c Verify that cardholder data on removable media is encrypted wherever stored.

PCI Compliant Hosting White PaperRead our PCI Compliant Hosting white paper as it discusses the impact of the PCI DSS standard on data centers and server infrastructure, describes the architecture of a PCI compliant data center both technically and contractually, and outlines the benefits and risks of data center outsourcing, and vendor selection criteria.

While both addressable and required for compliance, encryption is also considered an industry best practice – no longer just an option but necessary to protect backup data in rest and in transit to your disaster recovery/offsite backup site.

 

TAGGED: data encryption
onlinetech July 26, 2013
Share this Article
Facebook Twitter Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

SMEs Use AI-Driven Financial Software for Greater Efficiency
Artificial Intelligence
data security in big data age
6 Reasons to Boost Data Security Plan in the Age of Big Data
Big Data
data science anayst
Growing Demand for Data Science & Data Analyst Roles
Data Science
ai software development
Key Strategies to Develop AI Software Cost-Effectively
Artificial Intelligence

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

data encryption importance
Risk Management

Encryption Importance in the Age of Data Breaches

6 Min Read
data encryption and security
Data Management

Why You Must Leverage Encryption for Data Protection in the Digital Transformation Era

7 Min Read
data encryption for data security
Security

Contrasting the Different Data Encryption Techniques for Optimal Security

7 Min Read

Should the Entire Internet Be Encrypted?

6 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

giveaway chatbots
How To Get An Award Winning Giveaway Bot
Big Data Chatbots Exclusive
AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots

Quick Link

  • About
  • Contact
  • Privacy
Follow US

© 2008-23 SmartData Collective. All Rights Reserved.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?