Is Database Encryption Practical?
Howard Anderson, Managing Editor, HealthcareInfoSecurity.com

Although many healthcare organizations are making broader use of encryption, they’re typically taking a “wait and see” approach to encrypting their clinical databases, citing serious concerns about an adverse impact on performance.

Two consultants, however, argue that hospitals and clinics can apply encryption on the back end without hurting the performance of their core electronic health records systems. The two divergent options they advocate call for:

- Using “distributed cryptography” that involves installing a third-party encryption system on a server separate from the clinical database.
- Using newer databases that run “transparent database encryption” or TDE.

Encryption is high on many hospitals’ and clinics’ lists of risk management priorities thanks to a “safe harbor” in the HITECH Act’s breach notification rule. Under the safe harbor, breaches of encrypted data need not be reported to regulators. And that’s