> > Though for data which falls under hipaa, I understand it must be encrypted
> > on the server's disk.
>
> Not true. If you know otherwise please cite the appropriate federal regulation
> from 45 CFR § 164. HIPAA data being transported off-site needs to be encrypted
> although that isn't specifically spelled out

There are more articles than these ones, but for example:

http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/breachnotificationifr.html
http://blog.pchealthstop.com/?p=8
http://www.scmagazine.com/hipaa-encryption-meeting-todays-regulations/article/173661/

"encryption is now a de facto primary aspect of HIPAA compliance after
the passing of the HITECH Act."

It looks more like if your data at rest is encrypted (i.e. server hard
drives), you're better protected under the law from penalties. But
it's not mandatory yet.

But it sounds like I would want to encrypt my servers, unless the
process is too onerous.

Cheers
--
Steven Kurylo
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/